Malware Analysis Report

2025-01-18 21:15

Sample ID 240322-r7mqbafb2z
Target jre-7-windows-x64.exe
SHA256 48bcc7986670ec7c4b66d813759b1cc463e5d3aa063a6ec730692f4a97da59ee
Tags
adware persistence stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

48bcc7986670ec7c4b66d813759b1cc463e5d3aa063a6ec730692f4a97da59ee

Threat Level: Likely malicious

The file jre-7-windows-x64.exe was classified as likely malicious on the strength of the generic behavioural signatures listed below. Read the score with that in mind: the sample hands off to Windows Installer (almost every indicator below is attributed to msiexec.exe), and several of the triggered signatures (the "Java (Sun)" Active Setup component, the CAFEEFAC CLSID family, the Browser Helper Object registrations, the drive-letter probes) are also what a genuine JRE installer produces. Confirm the verdict by checking the file's Authenticode signature and comparing its SHA256 against a known-good copy of the installer before acting on it.

Malicious Activity Summary

adware persistence stealer

Modifies Installed Components in the registry

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Installs/modifies Browser Helper Object

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-22 14:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 14:50

Reported

2024-03-22 14:52

Platform

win10-20240221-en

Max time kernel

48s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\ComponentID = "JAVAVM" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\IsInstalled = "1" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\KeyFileName = "C:\\Program Files\\Java\\jre7\\bin\\deploy.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\Version = "5,0,5000,0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\Locale = "EN" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\ = "Java (Sun)" C:\Windows\System32\MsiExec.exe N/A

Active Setup is a per-user replay mechanism: at each user's logon Windows compares every component under HKLM\...\Active Setup\Installed Components with the copy under that user's HKCU, and where the HKLM entry has IsInstalled = 1 and the HKCU entry is missing or carries a lower Version it runs the component's StubPath command once for that user and then copies the entry to HKCU. That is what makes the key a persistence location. The rows above set ComponentID, IsInstalled, KeyFileName, Version, Locale and the display name "Java (Sun)", but no StubPath, so as recorded this entry is an installed-component marker (KeyFileName points at deploy.dll) rather than a logon launch point; read the full key on a live host before treating it as persistence.

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe (8 events) N/A
N/A N/A C:\Program Files\Java\jre7\bin\unpack200.exe (7 events) N/A
N/A N/A C:\Windows\System32\MsiExec.exe (14 events) N/A
N/A N/A C:\Program Files\Java\jre7\bin\javaw.exe (12 events) N/A

The 41 rows of this signature carry no Description or Indicator, only the loading process, so they are collapsed above in the order reported. What survives is still useful: the dropped modules were mapped not only into the installer but into the JRE's own unpack200.exe and javaw.exe, so both of those programs ran during the installation. The module paths themselves have to be taken from the Files section.

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0102-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0181-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0111-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0288-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0349-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0079-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0348-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0261-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0377-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0176-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0321-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0258-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0206-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0173-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0158-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0160-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0345-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0295-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0343-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0207-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0389-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0114-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0342-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0238-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0271-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0389-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0213-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0125-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0255-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0190-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A

Every row in this signature touches a CLSID of the form {CAFEEFAC-00MM-00mm-00UU-ABCDEFFEDCBx}, the scheme the Java browser plug-in uses to register one COM class per Java version it is willing to answer for (the middle groups encode major, minor and update number). The Key deleted rows remove registrations left by earlier versions; the Key created and ThreadingModel = "Apartment" rows are ordinary in-process COM registration, and the default value of each InprocServer32 key names the DLL that gets loaded, here jp2iexp.dll. Despite the signature name, an InprocServer32 entry does not start anything on its own: the DLL is loaded only when some process (in practice Internet Explorer) instantiates one of these CLSIDs. Note also that the DLL path is C:\Program Files\Java\jre-1.8\bin, whereas the files this run drops land under C:\Program Files\Java\jre7; no jre-1.8 directory appears among the dropped files listed in this report, so these registrations may point at a module that does not exist on the host.

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: through \??\Z:, every letter except C:, D: and F: (23 letters), each once from C:\Windows\system32\msiexec.exe and once from C:\Windows\System32\msiexec.exe (46 events in total) N/A

Opening each drive letter read-only, in no particular order and from two msiexec.exe instances (the report writes one path as system32 and the other as System32), is Windows Installer's volume costing pass, in which it determines which volumes exist and how much space they have before committing the install. It is not a search for removable media or network shares to spread to, and the same rows appear for any MSI-based install. The behaviour becomes interesting only when a process other than msiexec.exe walks the drive letters like this.

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Windows\System32\MsiExec.exe N/A

NoExplorer = "1" limits a Browser Helper Object to Internet Explorer; without it Windows Explorer loads the same DLL into every Explorer window. Both GUIDs are deleted and re-created within this run, which is the pattern of an installer refreshing an existing registration, but the rows are not listed chronologically (the same GUID is created in one row and deleted in a later one), so whether each BHO is present when the run ends cannot be read from this table alone. The DLL behind each BHO is the InprocServer32 default value of the matching CLSID under HKLM\SOFTWARE\Classes\CLSID, which this report does not show for these two GUIDs; resolve it on a live host before deciding what the helper does.

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\java.exe C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\java.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\javaw.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\javaws.exe C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\deploytk.dll C:\Windows\System32\MsiExec.exe N/A

Copying java.exe, javaw.exe and javaws.exe into C:\Windows\system32 puts the Java launchers on every user's PATH without touching the PATH variable, which is also how the genuine JRE installer exposes them; deploytk.dll in the same directory is opened for modification rather than created, i.e. an existing file is overwritten. Binaries dropped into System32 deserve a signature check in their own right: compare the Authenticode signer of each dropped file with that of the installer, and treat a mismatch as a red flag.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\Welcome.html C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Resolute C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Hobart C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Gaborone C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\keytool.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\El_Salvador C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Recife C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Samara C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\orbd.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Dar_es_Salaam C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Oral C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MST7MDT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\tnameserv.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Harare C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Caracas C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\jaas_nt.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\servicetag\jdk_header.png C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Addis_Ababa C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Kampala C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\jsound.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\splash.gif C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\meta-index C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Porto-Novo C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\java-rmi.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\security\cacerts C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Andorra C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\MST7 C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Maputo C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Dominica C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Edmonton C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guatemala C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\bin\dcpr.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9 C:\Windows\System32\MsiExec.exe N/A

Two entries in this list deserve attention beyond the bulk of the JRE payload (time-zone data under lib\zi, cursor images, launchers and native libraries under bin). C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\... is a Firefox extension installed machine-wide, so every Firefox profile on the host picks it up (the ffjcext name and the CAFEEFAC GUID match Java's browser console extension rather than anything needed to run Java applications). C:\Program Files\Java\jre7\lib\security\cacerts is the runtime's trust store: a replaced cacerts lets anything running on this JRE trust TLS certificates from an attacker-controlled CA, so hash it and compare against the cacerts shipped with a known-good JRE 7 of the same update level.

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e57c534.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57c534.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICAF3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F86417000FF} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC709.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57c536.msi C:\Windows\system32\msiexec.exe N/A

Everything under C:\Windows\Installer here is Windows Installer bookkeeping: e57c534.msi and e57c536.msi are the cached copies of the packages being installed, inprogressinstallinfo.ipi and the MSI*.tmp files are in-progress transaction state, and SourceHash{26A24AE4-039D-4CA4-87B4-2F86417000FF} records the source hash for the product code in its name. That product code is the most durable host artefact of this install: on a machine you want to check, look for it under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and msiexec /x with that code removes the product. The write to C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log indicates that a .NET native-image generation step touched the log during the install; check the Processes section for an ngen.exe invocation before drawing conclusions from it.

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\System32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}\Policy = "3" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}\AppName = "unpack200.exe" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "3" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1} C:\Windows\System32\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0256-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0324-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0186-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0334-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0390-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_13" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0221-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_42" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_50" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0235-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0175-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0213-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_17" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0225-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0134-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0309-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_309" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0117-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0313-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_52" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0177-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0335-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0297-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_297" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_14" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_62" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_73" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0342-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0367-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0263-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_263" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0370-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0084-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0206-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0210-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0291-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_291" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0191-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0339-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0277-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0295-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_73" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0347-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0308-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0378-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0372-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0072-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_89" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0161-ABCDEFFEDCBC}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0288-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0331-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_75" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_126" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_20" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0209-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_159" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0335-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_47" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0089-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0235-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0273-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0337-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_337" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0145-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0254-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0087-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0276-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0202-ABCDEFFEDCBB} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBC} C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0360-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0221-ABCDEFFEDCBA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0274-ABCDEFFEDCBA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_13" C:\Windows\System32\MsiExec.exe N/A
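
The three registry tables above (the Internet Explorer ElevationPolicy rows, the HKEY_USERS CLSID rows and the HKLM CLSID rows) are what a reviewer has to read to decide whether the installer registered anything that does not belong to it. The script below is an added example written for this page, not sandbox output and not the installer's own code. It parses the report's row format, collects each Protected Mode ElevationPolicy GUID into its AppName, AppPath and Policy (a Policy of 3 lets the low-integrity browser launch that program at medium integrity without a prompt, which is why the sandbox flags these entries and why a path listed there must be one only administrators can write), decodes the version encoded in each CAFEEFAC CLSID from the scheme the report itself shows, and flags any InprocServer32 that points outside the install directory or any display name that disagrees with its CLSID. SAMPLE_ROWS are copied from the tables above; POLICY_MEANING is the documented meaning of the Policy value; CONSTRUCTED_BAD_ROWS are invented, labelled as such, and exist only to show a failing check.

```python
"""Audit the registry rows above: IE Protected Mode ElevationPolicy entries
and the Java Plug-in CLSID registrations.

Added example for this page, not sandbox output and not installer code.
Row format, SAMPLE_ROWS and the install directory come from the report;
POLICY_MEANING is the documented meaning of the ElevationPolicy "Policy"
value; CONSTRUCTED_BAD_ROWS are invented to show a failing check.
"""
import re
from collections import defaultdict

SAMPLE_ROWS = [  # copied from the tables above
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}\AppName = "unpack200.exe" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Windows\System32\MsiExec.exe N/A',
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_42" C:\Windows\System32\MsiExec.exe N/A',
]
CONSTRUCTED_BAD_ROWS = [  # invented, NOT from the sample: they exercise the checks
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Users\\Public\\jp2iexp.dll" C:\Windows\System32\MsiExec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_45" C:\Windows\System32\MsiExec.exe N/A',
]
INSTALL_DIR = r"C:\Program Files\Java\jre-1.8"   # the directory the registry values name

ROW_RE = re.compile(
    r'^(?P<op>Set value \((?:str|int)\)|Key created|Key deleted) '
    r'(?P<path>\\REGISTRY\\.*?)(?: = "(?P<val>.*)")? '
    r'(?P<proc>[A-Za-z]:\\\S+) (?P<target>\S+)$')
GUID_RE = re.compile(r'\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}')

# Documented IE Protected Mode meaning of the ElevationPolicy "Policy" value.
POLICY_MEANING = {0: "launch blocked", 1: "prompt, then medium integrity",
                  2: "silent launch at low integrity", 3: "silent launch at medium integrity"}


def parse_row(line):
    """Split one 'Description Indicator Process Target' row; None if it is not a registry op."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if m.group("op").startswith("Set value"):
        key, _, name = path.rpartition("\\")   # name "" is the key's default value
    else:
        key, name = path, None
    g = GUID_RE.search(key)
    return {"op": m.group("op"), "key": key, "name": name, "value": m.group("val"),
            "guid": g.group(1).upper() if g else None, "process": m.group("proc")}


def unescape(v):
    return v.replace("\\\\", "\\")   # the report doubles backslashes inside values


def elevation_policies(rows):
    """AppName/AppPath/Policy per ElevationPolicy GUID, plus the operations seen on it."""
    out = defaultdict(lambda: {"ops": set()})
    for r in rows:
        if r is None or r["guid"] is None or "\\ELEVATIONPOLICY\\" not in r["key"].upper():
            continue
        e = out[r["guid"]]
        e["ops"].add(r["op"])
        if r["name"] == "Policy":
            e["policy"] = int(r["value"])
            e["meaning"] = POLICY_MEANING.get(e["policy"], "unknown")
        elif r["name"] in ("AppName", "AppPath"):
            e[r["name"]] = unescape(r["value"])
    return dict(out)


def plugin_version_from_clsid(guid):
    """Decode the Java Plug-in version a CAFEEFAC-... CLSID encodes, using the scheme the
    report's own rows show (...-0017-0000-0042-... is "1.7.0_42", ...-0013-0001-0047-... is
    "1.3.1_47"). Updates below 10 do not occur on this page; rendering them without a
    leading zero is an assumption. Returns None outside the CAFEEFAC family."""
    p = guid.upper().strip("{}").split("-")
    if p[0] != "CAFEEFAC" or not p[4].startswith("ABCDEFFEDCB") or not all(x.isdigit() for x in p[1:4]):
        return None
    return f"{int(p[1][:3])}.{int(p[1][3:])}.{int(p[2])}_{int(p[3])}"


def audit_clsids(rows, install_dir):
    """Flag plug-in CLSIDs whose display name disagrees with the CLSID-encoded version,
    or whose InprocServer32 DLL lies outside install_dir."""
    root = install_dir.lower().rstrip("\\") + "\\"
    findings = []
    for r in rows:
        if r is None or r["guid"] is None or r["value"] is None or r["name"] != "":
            continue
        version = plugin_version_from_clsid(r["guid"])
        if version is None:
            continue
        if r["key"].upper().endswith("\\INPROCSERVER32"):
            dll = unescape(r["value"])
            if not dll.lower().startswith(root):
                findings.append((r["guid"], f"InprocServer32 outside install dir: {dll}"))
        elif r["value"].startswith("Java Plug-in ") and r["value"][13:] != version:
            findings.append((r["guid"], f"display name {r['value'][13:]!r} != CLSID version {version!r}"))
    return findings


if __name__ == "__main__":
    rows = [parse_row(l) for l in SAMPLE_ROWS]
    for guid, e in elevation_policies(rows).items():
        print(guid, e.get("AppName"), e.get("AppPath"), e.get("meaning"), sorted(e["ops"]))
    print("sample findings:", audit_clsids(rows, INSTALL_DIR))
    print("constructed findings:", audit_clsids([parse_row(l) for l in CONSTRUCTED_BAD_ROWS], INSTALL_DIR))
```

On the sample rows the audit returns no findings: every InprocServer32 points into C:\Program Files\Java\jre-1.8\bin and every display name matches its CLSID. One thing worth noticing while reading the tables is that these registry values name jre-1.8 while the process list further down installs into C:\Program Files\Java\jre7; the script takes the install directory as a parameter so either location can be checked against the DLL paths.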

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A

Suspicious use of AdjustPrivilegeToken

The privileges below, SeCreateTokenPrivilege and SeTcbPrivilege among them, are held only by a LocalSystem token, so these rows come from the Windows Installer service (the msiexec.exe /V instance in the process list) rather than from the user-launched installer; the same set is enabled more than once during the install.

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2628 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe C:\Windows\System32\msiexec.exe
PID 2628 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe C:\Windows\System32\msiexec.exe
PID 3052 wrote to memory of 924 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3052 wrote to memory of 924 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2676 wrote to memory of 976 N/A C:\Windows\System32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp
PID 2676 wrote to memory of 976 N/A C:\Windows\System32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp
PID 2676 wrote to memory of 976 N/A C:\Windows\System32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp
PID 3052 wrote to memory of 404 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3052 wrote to memory of 404 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3052 wrote to memory of 996 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3052 wrote to memory of 996 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 996 wrote to memory of 3756 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 3756 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 2712 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 2712 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 168 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 168 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 1212 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 1212 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 4332 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 4332 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 2544 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 2544 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 884 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 884 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe
PID 996 wrote to memory of 3304 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\javaw.exe
PID 996 wrote to memory of 3304 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\javaw.exe
PID 996 wrote to memory of 3340 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\javaw.exe
PID 996 wrote to memory of 3340 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\javaw.exe
PID 3340 wrote to memory of 4068 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3340 wrote to memory of 4068 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 4068 wrote to memory of 3652 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4068 wrote to memory of 3652 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3340 wrote to memory of 2248 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3340 wrote to memory of 2248 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 2248 wrote to memory of 4472 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2248 wrote to memory of 4472 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3340 wrote to memory of 3220 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3340 wrote to memory of 3220 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3220 wrote to memory of 4192 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3220 wrote to memory of 4192 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3340 wrote to memory of 4232 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3340 wrote to memory of 4232 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 4232 wrote to memory of 2336 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4232 wrote to memory of 2336 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3340 wrote to memory of 3664 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3340 wrote to memory of 3664 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe
PID 3664 wrote to memory of 652 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3664 wrote to memory of 652 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
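
The WriteProcessMemory rows above come in parent-to-child pairs. In a sandbox trace a parent writing into a process it has just created is what CreateProcess looks like (the parent fills in the new process's startup data), so this table mostly encodes the process tree rather than injection; the write worth hunting is one whose source is not the target's parent. The script below, an added example for this page and not sandbox output, rebuilds the tree from the rows, reports any target written to by more than one distinct process (there is none here), and locates the javaw.exe -> cmd.exe -> WMIC.exe chains whose command lines deserve a look; those command lines are not shown in this section, so the script only says where to look. SAMPLE_ROWS is a subset of the table above.

```python
"""Rebuild the process tree from the 'Suspicious use of WriteProcessMemory'
rows above and separate ordinary parent-to-child writes from anything that
would indicate cross-process injection.

Added example for this page, not sandbox output and not installer code.
SAMPLE_ROWS is a subset of the table above, copied verbatim.
"""
import re
from collections import Counter, defaultdict

SAMPLE_ROWS = [
    r'PID 2628 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe C:\Windows\System32\msiexec.exe',
    r'PID 2628 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe C:\Windows\System32\msiexec.exe',
    r'PID 2676 wrote to memory of 976 N/A C:\Windows\System32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp',
    r'PID 3052 wrote to memory of 404 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe',
    r'PID 3052 wrote to memory of 996 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe',
    r'PID 996 wrote to memory of 3756 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\unpack200.exe',
    r'PID 996 wrote to memory of 3340 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\Java\jre7\bin\javaw.exe',
    r'PID 3340 wrote to memory of 4068 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe',
    r'PID 4068 wrote to memory of 3652 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe',
    r'PID 3340 wrote to memory of 2248 N/A C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\SYSTEM32\cmd.exe',
    r'PID 2248 wrote to memory of 4472 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe',
]

WPM_RE = re.compile(r'^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A (?P<images>.+)$')


def parse_wpm(line):
    """Parse one row into (writer_pid, target_pid, writer_image, target_image); None otherwise."""
    m = WPM_RE.match(line.strip())
    if not m:
        return None
    # Both image paths begin with a drive letter; split on that boundary so
    # paths containing spaces (Program Files) survive intact.
    images = re.split(r' (?=[A-Za-z]:\\)', m.group("images"))
    if len(images) != 2:
        return None
    return int(m.group("src")), int(m.group("dst")), images[0], images[1]


def build_tree(rows):
    """Image per PID, parent links, children, roots, and every target that was
    written to by more than one distinct process (not the CreateProcess pattern)."""
    image, writers = {}, defaultdict(Counter)
    for ev in (parse_wpm(r) for r in rows):
        if ev is None:
            continue
        src, dst, src_img, dst_img = ev
        image.setdefault(src, src_img)
        image.setdefault(dst, dst_img)
        writers[dst][src] += 1
    parent = {dst: c.most_common(1)[0][0] for dst, c in writers.items()}
    children = defaultdict(list)
    for child, par in parent.items():
        children[par].append(child)
    return {
        "image": image,
        "parent": parent,
        "children": {p: sorted(c) for p, c in children.items()},
        "roots": sorted(p for p in image if p not in parent),
        "multi_writer": {dst: dict(c) for dst, c in writers.items() if len(c) > 1},
    }


def basename(path):
    return path.rsplit("\\", 1)[-1]


def ancestry(tree, pid):
    """Image basenames from the root of pid's branch down to pid itself."""
    chain = [pid]
    while chain[-1] in tree["parent"]:
        chain.append(tree["parent"][chain[-1]])
    return [basename(tree["image"][p]) for p in reversed(chain)]


def find_chains(tree, names):
    """PIDs whose last len(names) ancestors (themselves included) match names,
    e.g. ("javaw.exe", "cmd.exe", "WMIC.exe") for the WMIC launches in the table."""
    want = [n.lower() for n in names]
    return sorted(pid for pid in tree["image"]
                  if [n.lower() for n in ancestry(tree, pid)[-len(want):]] == want)


def render(tree):
    """Indented one-line-per-process view, one block per root."""
    lines = []

    def walk(pid, depth):
        lines.append(f"{'  ' * depth}{pid} {basename(tree['image'][pid])}")
        for child in tree["children"].get(pid, []):
            walk(child, depth + 1)

    for root in tree["roots"]:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    t = build_tree(SAMPLE_ROWS)
    print("\n".join(render(t)))
    print("multi-writer targets:", t["multi_writer"])
    print("javaw -> cmd -> WMIC chains:", find_chains(t, ("javaw.exe", "cmd.exe", "WMIC.exe")))
```

Run over the full table the tree has two roots: the user-launched jre-7-windows-x64.exe (PID 2628), which only talks to its own msiexec.exe client, and the Windows Installer service msiexec.exe (PID 3052), which the table never shows being created and under which the custom-action server, unpack200.exe, javaw.exe and the cmd.exe/WMIC.exe chains all hang. That split is the reason the dropped binaries appear under a SYSTEM process rather than under the file that was detonated.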

Uses Volume Shadow Copy service COM API

ransomware

This tag is the sandbox's generic label for any use of the VSS COM API. In this trace the process list below shows vssvc.exe starting next to srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2, which is the System Restore checkpoint Windows Installer requests before an installation, and that checkpoint is what exercises VSS here. Before reading the tag as ransomware evidence, check the WMIC.exe command lines spawned from javaw.exe (listed under WriteProcessMemory above) for shadow-copy or restore-point deletion; none of the command lines shown in this section deletes anything.

Processes

C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_x64\jre1.7.0.msi" SKIPLICENSE=1 PROG=0 ENDDIALOG=0

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 75B5A2ED0057F1F98D7027B8A7DAC7A1 C

C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp

"C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp" C:\Program Files\Java\jre7\;C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 1DF3D77C01A9755CE29105421FA88E02 E Global\MSI0000

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\rt.pack" "C:\Program Files\Java\jre7\lib\rt.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\charsets.pack" "C:\Program Files\Java\jre7\lib\charsets.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\deploy.pack" "C:\Program Files\Java\jre7\lib\deploy.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\javaws.pack" "C:\Program Files\Java\jre7\lib\javaws.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\plugin.pack" "C:\Program Files\Java\jre7\lib\plugin.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\jsse.pack" "C:\Program Files\Java\jre7\lib\jsse.jar"

C:\Program Files\Java\jre7\bin\unpack200.exe

"C:\Program Files\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre7\lib\ext\localedata.pack" "C:\Program Files\Java\jre7\lib\ext\localedata.jar"

C:\Program Files\Java\jre7\bin\javaw.exe

"C:\Program Files\Java\jre7\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre7\bin\javaw.exe

"C:\Program Files\Java\jre7\bin\javaw.exe" com.sun.servicetag.Installer -source "Windows JRE installer"

C:\Windows\SYSTEM32\cmd.exe

cmd /C WMIC computersystem get model

C:\Windows\System32\Wbem\WMIC.exe

WMIC computersystem get model

C:\Windows\SYSTEM32\cmd.exe

cmd /C WMIC computersystem get model

C:\Windows\System32\Wbem\WMIC.exe

WMIC computersystem get model

C:\Windows\SYSTEM32\cmd.exe

cmd /C WMIC computersystem get manufacturer

C:\Windows\System32\Wbem\WMIC.exe

WMIC computersystem get manufacturer

C:\Windows\SYSTEM32\cmd.exe

cmd /C WMIC bios get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

WMIC bios get serialnumber

C:\Windows\SYSTEM32\cmd.exe

cmd /C WMIC cpu get manufacturer

C:\Windows\System32\Wbem\WMIC.exe

WMIC cpu get manufacturer
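The five WMIC hardware queries above are launched through cmd.exe by javaw.exe (PID 3340 in the WriteProcessMemory rows), and the VSS signature earlier in this section sits next to srtasks.exe ExecuteScopeRestorePoint. The Python script below is an added example, not part of the sandbox report or of the sample: it rebuilds the parent chain from rows transcribed from this report, reports each WMIC hardware query together with its real initiator (so the javaw.exe parent is visible instead of the cmd.exe wrapper), and classifies VSS usage as restore-point creation versus shadow-copy deletion. Assumptions: the PIDs 3340, 2248, 4472, 3220, 4192, 4232, 2336, 3664 and 652 are taken from the WriteProcessMemory rows, but which WMIC query each ran, every other PID (including 2628 and 3304, borrowed from the memory-dump names), and the parent links of service-hosted processes are invented for the sample. The destructive VSS patterns (vssadmin delete shadows, wmic shadowcopy delete, wbadmin delete catalog, bcdedit recoveryenabled no) do not occur in the report; they are included so the classifier shows what would have justified the ransomware tag.

```python
"""Triage helper for the process rows in this report (added example, not the
sandbox's own tooling): rebuild the parent chain, report WMIC hardware
fingerprinting with its real initiator, and tell a System Restore point
apart from shadow-copy deletion before accepting a 'ransomware' tag."""
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

# Constructed sample. Images and command lines are copied from the Processes
# section. PIDs 3340, 2248, 4472, 3220, 4192, 4232, 2336, 3664 and 652 come
# from the WriteProcessMemory rows; which WMIC query each of them ran, every
# other PID, and ppid 0 for service-hosted processes are assumptions.
SAMPLE = [
    Proc(2628, 0, r"C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\jre-7-windows-x64.exe"'),
    Proc(3304, 2628, r"C:\Windows\System32\msiexec.exe",
         r'"C:\Windows\System32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_x64\jre1.7.0.msi" SKIPLICENSE=1 PROG=0 ENDDIALOG=0'),
    Proc(1000, 0, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V"),
    Proc(1001, 0, r"C:\Windows\system32\vssvc.exe", r"C:\Windows\system32\vssvc.exe"),
    Proc(1002, 0, r"C:\Windows\system32\srtasks.exe",
         r"C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2"),
    Proc(1003, 1000, r"C:\Windows\System32\MsiExec.exe",
         r"C:\Windows\System32\MsiExec.exe -Embedding 1DF3D77C01A9755CE29105421FA88E02 E Global\MSI0000"),
    Proc(3340, 1003, r"C:\Program Files\Java\jre7\bin\javaw.exe",
         r'"C:\Program Files\Java\jre7\bin\javaw.exe" com.sun.servicetag.Installer -source "Windows JRE installer"'),
    Proc(2248, 3340, r"C:\Windows\SYSTEM32\cmd.exe", "cmd /C WMIC computersystem get model"),
    Proc(4472, 2248, r"C:\Windows\System32\Wbem\WMIC.exe", "WMIC computersystem get model"),
    Proc(3220, 3340, r"C:\Windows\SYSTEM32\cmd.exe", "cmd /C WMIC computersystem get model"),
    Proc(4192, 3220, r"C:\Windows\System32\Wbem\WMIC.exe", "WMIC computersystem get model"),
    Proc(4232, 3340, r"C:\Windows\SYSTEM32\cmd.exe", "cmd /C WMIC computersystem get manufacturer"),
    Proc(2336, 4232, r"C:\Windows\System32\Wbem\WMIC.exe", "WMIC computersystem get manufacturer"),
    Proc(3664, 3340, r"C:\Windows\SYSTEM32\cmd.exe", "cmd /C WMIC bios get serialnumber"),
    Proc(652, 3664, r"C:\Windows\System32\Wbem\WMIC.exe", "WMIC bios get serialnumber"),
    Proc(1004, 3340, r"C:\Windows\SYSTEM32\cmd.exe", "cmd /C WMIC cpu get manufacturer"),
    Proc(1005, 1004, r"C:\Windows\System32\Wbem\WMIC.exe", "WMIC cpu get manufacturer"),
]

# WMIC hardware-inventory queries: expected from a Java service-tag install,
# but the same chain from an unexpected initiator is host fingerprinting.
HW_QUERY = re.compile(r"\bwmic\s+(computersystem|bios|cpu|baseboard|diskdrive)\s+get\s+(\w+)", re.I)
# Shadow-copy / recovery tampering that would actually justify a ransomware tag.
# None of these appear in the report; they are here so the classifier can flip.
VSS_DESTROY = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|"
    r"wbadmin(\.exe)?\s+delete\s+catalog|bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I)
RESTORE_POINT = re.compile(r"srtasks(\.exe)?\s+ExecuteScopeRestorePoint", re.I)
WRAPPERS = {"cmd.exe", "wmic.exe"}


def ancestry(procs, pid):
    """Image basenames from pid up to the root, child first."""
    by_pid = {p.pid: p for p in procs}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid].image.rsplit("\\", 1)[-1])
        pid = by_pid[pid].ppid
    return chain


def launcher(chain):
    """First ancestor that is not the cmd/WMIC wrapper, i.e. the real initiator."""
    return next((n for n in chain if n.lower() not in WRAPPERS), None)


def hardware_fingerprint_chains(procs):
    """(wmi_class, property, ancestry) per WMIC process; the cmd /C wrapper is
    skipped so each query is counted once."""
    hits = []
    for p in procs:
        m = HW_QUERY.search(p.cmdline)
        if m and p.image.lower().endswith("\\wmic.exe"):
            hits.append((m.group(1).lower(), m.group(2).lower(), ancestry(procs, p.pid)))
    return hits


def classify_vss(procs):
    """'shadow-copy-deletion' beats 'restore-point-creation'; 'none' otherwise."""
    cmds = [p.cmdline for p in procs]
    if any(VSS_DESTROY.search(c) for c in cmds):
        return "shadow-copy-deletion"
    if any(RESTORE_POINT.search(c) for c in cmds):
        return "restore-point-creation"
    return "none"


def triage(procs):
    hw = hardware_fingerprint_chains(procs)
    return {
        "hardware_queries": sorted({f"{c}.{prop}" for c, prop, _ in hw}),
        "launchers": sorted({launcher(chain) for _, _, chain in hw} - {None}),
        "vss": classify_vss(procs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the transcribed rows, the triage reports four distinct hardware properties (BIOS serial, system model and manufacturer, CPU manufacturer), javaw.exe as the sole initiator, and VSS use that is restore-point creation only. Appending a single vssadmin delete shadows row flips the VSS verdict, which is the check to run before accepting a sandbox's ransomware tag at face value.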

Network

Country Destination Domain Proto
US 8.8.8.8:53 j2se.east.sun.com udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp

Both rows are DNS queries to 8.8.8.8: a forward lookup of j2se.east.sun.com (a Sun Java domain) and a PTR lookup of 178.223.142.52.in-addr.arpa, which is the reverse record for 52.142.223.178. The report records no connection to either address beyond these two queries.

Files

memory/2628-3-0x0000000002620000-0x0000000002621000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_x64\jre1.7.0.msi

MD5 ea3253c22e37439c6a38fa37411ab5ef
SHA1 83a75ff882559684fcfaec181b33340df4d510fa
SHA256 c67002fea6b11d867525669a66303acf16f87ea4dd35dfb6a01b455aa19b3af4
SHA512 f8e5f96fe435817d2235e42a7a07a221244f0bc45a8b09aa391023b29e8786e3e72c26cbe4d174942901865fbf5f41c8f0ba62519d12d834291a5b57cdec063f

C:\Users\Admin\AppData\Local\Temp\MSI8E07.tmp

MD5 06d5c06abcc4f3098de8664ef0bd5752
SHA1 c69fd86f1d976c48c3d62f2a537afc13336ca16b
SHA256 8eb9be16f9e835ce034b8d619aa149d8b91aa07f27bc97a447fddee7f70b86b2
SHA512 53f92baa35323c12b087e894c0fa5b002d7f4bb16120d524ff3677b20676437de07525ae82ba7176ca322530fca83291586e0284ec07bfb83bf90bda32fc9605

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 ecbd15c3ee5d6fe790a48c8b1d27f3a8
SHA1 274008df68d7a3df7503b1a13cd4fb40df03cf02
SHA256 f44070df4b9f231b330de0a042ef72c6a21292cfb932883efdc14f085fcd84df
SHA512 b00a9f64fddaa2f05fe834930a2c108c8d21e87ff66ef6d2b644ffeca45a7740445ce2ee7cfd2cd30eb57969f5627566ea9f7a5860a4e7ebf22252052fd66e51

C:\Users\Admin\AppData\Local\Temp\MSI8F14.tmp

MD5 dfe5ccf09261598200c2f3bc719198f2
SHA1 c4753cb9850a3dce59167bb4fa4b462e66f6be13
SHA256 71234b8f7c72ecde74078c82f8ddfabdcbf3a4b5835f0eb543d68771471ff0fb
SHA512 372e704d947281381750005df512744caa8daff84082ffc4c6fb6b44e23986bd721f3a3644a86a3a07fe773a535f3fb25998e11fa437b5c744198fcd7832cdf3

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_x64\Data1.cab

MD5 a79985b3fc773e95d53fcd75bd49eb39
SHA1 23781e9830a9e4aa3c1e1759ca58de8778cef372
SHA256 eedc58fc91d9fd1fad37150851a14e74d95c8200cb04d15d4ac9fbe55467cd8a
SHA512 9882f68a4c01b36e2995923b737be7e67a73d0af93ae3552839205dde161659d4bc78be82213b8afa251f8a241108ba378561deb30ad5e2a82bc7030ebee8608

C:\Program Files\Java\jre7\core.zip

MD5 c4b5d1ff4e9feb5d45d688e725cff3bd
SHA1 38a01fea91b622b432ed90f11988b2028bbbccf6
SHA256 06ae8bba4978103de20dc4b1da99055902a259e0cd8c59fe50724f9a99cddb09
SHA512 52040e59469ee654379e319a8a8d16eb8d2ac7fe7a8deb29cbf9e42780b9da98efcf644ea6d5d491b7610b426d063153b1fb8b77d5c44818513392a90dd28e5d

C:\Program Files\Java\jre7\lib\zi\GMT

MD5 7da9aa0de33b521b3399a4ffd4078bdb
SHA1 f188a712f77103d544d4acf91d13dbc664c67034
SHA256 0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d
SHA512 9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

C:\Program Files\Java\jre7\bin\unpack200.exe

MD5 492b3907cef29e61188972c71e1a173a
SHA1 23e33317f7dc79a856fa88667d903c31303fc902
SHA256 e80b9d6057727ca00046d16b793e3df61df4ebedf9ebdb17b944eaca673867fa
SHA512 9fb5f31989a465d9c7d220ffc71eec8b02a06173fae7dc9c352b5dd55510df5be90b11da8167950b2800dd50643b376a1d6fe81a59787961c473bd129b233fba

C:\Program Files\Java\jre7\bin\MSVCR100.dll

MD5 aed6d63cfa5a3ef7021af9c457fee994
SHA1 f6ad746ef520b03df6cf0f5a2512d0df964c4688
SHA256 b4bfa27f677295b00a1df9a7e14db4b75cac2dd41b898d4e9a378eccce3699f0
SHA512 5573b17eb19d13cc96df5d66ef60cc8ff98e1ac9d8582a870ed2befa28ee271fb41741a92aa703234150fceadf4a436d10b8a6518c1816d0c804eb1261650d2d

C:\Program Files\Java\jre7\lib\rt.pack

MD5 f43dfcffbb0eb0d4aa5a203d8dd6f06e
SHA1 a9e09781f140dd1dfac0928c9f9037f77d56a3b8
SHA256 316b05889d817b04f78ffb7a22cff4dc625d835c36dcbf9113409e30ec926fdd
SHA512 cfd3a1b578455187bc1213d42d20d3ced459a28afbb5f04b21d14e9c0f2fa7e61024e50d61c0632736d76b32aa00f3f6e414a3e9a52ad9eac835ee6573df9dce

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 b75741bb23bdabf82b20818afdaab195
SHA1 12cfb0f4d857987bc088ec3105f760f69c293495
SHA256 40bed9c20ab4d5cd4446b7da06c7517e6d8d9f4e8a60d6c0a9407648edcbe373
SHA512 f3a270a01ce18b6a91871d2bbd0999e9c6dd0548144123efc7c4ea20847c7aac761024fff3c3125ce52714a3fbf3b9c28d7ebe59ff52e2d56a0c156a8d12c0b2

memory/2628-682-0x0000000002620000-0x0000000002621000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 afa447e0d2f6dff46013e529675186f7
SHA1 200c9eaed5e6bad242d1d9768b1548e15428f905
SHA256 29879683dafe306f09cf6e24ddfe5e9e6ba933241e4d0c7048e1e72a6c795a27
SHA512 24da493db1ebe43288139706431e15f6e692c02205f28de4d5aaf543b06fe53db7ead01574ad77bca930d197833933614701fd1e8f5d54cb156c7c020da8d3e4

C:\Program Files\Java\jre7\lib\charsets.pack

MD5 7a58efb239c367ade5bcbd7f214ff582
SHA1 96caec61769113e08b02ad95be1dff9fa0adbc68
SHA256 87dc9cd9fa16d11797ce57e586c64c878fde6fe6507d7cf39afd260af8ae7a30
SHA512 2b454b19822ece0653b3a5bb1ef58858a355a40869f3fabaa522170d12c79e0dc8df3c0ca79a25660a2c7d3a5437636c0313eac27003ce1939fc85f0d77f61f2

C:\Program Files\Java\jre7\lib\deploy.pack

MD5 a621e71030aba50df687417adb199931
SHA1 acec50209ab5520277dce7012358ea4ce63b12e7
SHA256 fe34c6a1a9b8ec8db207f2cc44b719feaa677d7c3038cd3772973b599dfba2bb
SHA512 c34557df27c316800f8c2d78556d316a514b8f67dfc7050291ba74403ef75d47a5488e29c24957568c13f59001fce14502ddfd34649ff3b580c928cbbf861aac

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 2b71bce160f126cdbd9f64c94fd1f0d6
SHA1 fe115ee2a963379113f30a147779d844dabec214
SHA256 fe40644fbd2d54f115bbbf7a68de803389881100c00ee65cf264ac0cab744558
SHA512 5eb450556b1bb4b7d91b2eac2737c3bda0137d949939806898f5c9433d89373f1ce7f8e72853fe482bebc30f3272e71c11e3018f9209e1819e48c1364900c692

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 1ba71b68054a8781e5757d57c3cc8dd5
SHA1 a09e6ef719fc1174e7dce05679598ac4102c49e2
SHA256 29ace40e318d669b19e9437ff860730cf53250bd1cf34d0e96ef1cb3b49da735
SHA512 9c37809e83e762114e4e8e6788a047b401ede25f47fb196c6b10d401823140d5b5ab207cb54146510bc50ab7a2149e8b4d7c23b2325a7bf65fd15bc557fb5840

C:\Program Files\Java\jre7\lib\plugin.pack

MD5 5c23ec07c0fb59d7f4518ceb1302cafe
SHA1 10ec9d21ff6159a0f9e32eaa8d354fa41a93a7c9
SHA256 072b025316ecc5788f1f037897b0f8feb287e580af37a6437ae3d84b2ed63b11
SHA512 da308d4687367681c0c739b995a495a1f6a2932fd57b79c4bbad55ff9eef3cacbb772c78b25f6a599bbe0a1cc4331b835978b95bedf94a629231c88022b83e2f

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 a09fdfc661eba18f2e507f07bf5764a3
SHA1 addef49e02070a9e0f006d3235f330872c299565
SHA256 c6727145474ab6a74b1da2d3befa5e2a7b78d93b8323a2deeaebe1e540b08fc3
SHA512 741de5accd1c4c93d0e0c6fa0c312e6a3d93d73129b862a172b1616c3b5e89181495c24a961422d06688fde9cf7bc1a1f82697eeb935b20f494753a14fd98ce9

C:\Program Files\Java\jre7\lib\jsse.pack

MD5 dfa4a139cdafb785b4c03673b3143ad4
SHA1 3dce4d0f1380564526e2e9cea19c1c1fe80ce5ef
SHA256 f3ba640d2723831229de490a7417fbe99687d1f36078bebf2afe4202015e3641
SHA512 bfb016cc370d2785469502805b70ef140c5ce8ed56717b7adefec8f73ae2129a95940f2974882fdcea2b7d6a2ed22cffaf8b771fb78a2e0c779cb621cf18e325

C:\Program Files\Java\jre7\lib\ext\localedata.pack

MD5 4755ce4f5670589e48acde6d74142b2a
SHA1 831916577dcd4dbe901ee526760b01cddf273934
SHA256 b3b5098a5230da8d9a23d75f94762f6763d15825325ee444da71d034c30d84aa
SHA512 e71d6dd3229ada0f009d557d5d6cac77bb5bac51ac1ea34605e20f08b7579ed77fea84a79d190f1b64c54a8ef2d5d2714a6c2bc3428d6e01b7a092177d464840

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 39f635017ec7c14e4154c42739c6f568
SHA1 29e2e42eb5db64172c47a858ea142e10f58d91f7
SHA256 6847c625da595de9d8872f4463631c622c3c926003a3c481be66a830cfcee2e2
SHA512 3e4d08f00b06613aed47ed01f5a3342d46fac796872b458a5a5b21ae7fed822877fe901438d52dfdd488b09a08a6dc201f8752ecaa8a10109e43a08091d094f5

\Program Files\Java\jre7\bin\deploy.dll

MD5 a1f493d8148de635ba007180dcf6b00b
SHA1 5013b8c71bb997cf629c31b0abb8b1e3e732c98f
SHA256 10646bbc29ce23c0987cf1973620e36c0adf7c112993eb49a2cbc3df9e2a7d1a
SHA512 aab53bb0d181cd8535b865627bf94bfff8e8b7c1a63155a6541c442b29ceaa13e1d9b9fce3d0a4707f93801b9fa1b32d18cd95d6fa6ca99d8625ffe99471d2f6

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 a16857c56b2d8343f40838dfeafe9bb4
SHA1 c701219e28291a3710bf8f73193b9bee5344ed3d
SHA256 029f8da0c82b08c4f7b0ae08ace1c8dec6d43efd8b4cd93cc0e16dfe7c363708
SHA512 de7a036f784c9387ae2c70329c0d8a70e1e2cc1b64f966062035dc83684bb62eea2f9da305fade83cc51a339fd4938bea1cb61a4ef8a4762374d2db57b21cf76

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

MD5 89e917da75df238d8bee0039a80fd7cf
SHA1 766eee697545105a3fb3c1b75b074b0d72ae635c
SHA256 906021f55f6c815533431726d854af3b2f4f23ad87888af604ddeb2cb5ff9652
SHA512 24ca1b863f352948a3e3c35144450f3dea8933dd3bc3d218c6ef8edf6bb910c54335810c00996f5c80a30b95316f3d1cd4353cd68ba0c30a66fa6ed7a03c3b77

memory/3304-821-0x0000000003070000-0x0000000006070000-memory.dmp

memory/3304-822-0x0000000001170000-0x0000000001171000-memory.dmp

memory/3340-834-0x0000000002830000-0x0000000005830000-memory.dmp

memory/3340-840-0x0000000002670000-0x0000000002671000-memory.dmp

C:\Config.Msi\e57c535.rbs

MD5 844af25fa06bf8d9fff84e2f52180219
SHA1 4246b6f1936aa3c8883c6fa63558c3b35837e701
SHA256 a1d9f638e9feda858d4bcde9d892bb0ad95d636e4b377e22a204b66b826cb5f4
SHA512 0d32a355e4c5ffdf0717ea55c1ec0e326134ecfa3b90e58d3844408caf96f29973af72800bca7c53d34dd752fb1b25eff70f1bb0a016cc41d215ffa6b85668fa

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 4e6b29a979e542b57e1803b8d8163528
SHA1 fe121f23a46d9003a9ef90b62a6bba3b6b4843a3
SHA256 c263937f8958501b936831bde794eb6594099b722cfdd203e8ef1ab1f3b35d79
SHA512 e3f1223e89714e506a742667f2ecf94287f83186dcfa8ff1f905472ee68b14ed21eb1e15a8a2da2e3f9537da30052166feb5d0bf2c04f839cfb9427f7e4f266c