Malware Analysis Report

2025-01-18 21:15

Sample ID 240322-srp16sdb33
Target jre-8u391-windows-x64.exe
SHA256 a7f72136d77af4947de1ce4660d79eae29a9782cc965dd0fd2d9dab87716ea67
Tags
adware persistence stealer
score
6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file jre-8u391-windows-x64.exe shows suspicious behavior.

Malicious Activity Summary

adware persistence stealer

Blocklisted process makes network request

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-22 15:21

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-22 15:21

Reported

2024-03-22 15:24

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240611859.tmp\jre-8u391-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240611859.tmp\jre-8u391-windows-x64.exe"

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 15:21

Reported

2024-03-22 15:24

Platform

win7-20240221-en

Max time kernel

121s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

Loads dropped DLL

Registers COM server for autorun

persistence

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS


Modifies registry class


Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe
PID 1704 wrote to memory of 1076 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1704 wrote to memory of 2312 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre-1.8\installer.exe
PID 2312 wrote to memory of 1684 N/A C:\Program Files\Java\jre-1.8\installer.exe C:\Program Files\Java\jre-1.8\bin\javaw.exe
PID 2312 wrote to memory of 2460 N/A C:\Program Files\Java\jre-1.8\installer.exe C:\Program Files\Java\jre-1.8\bin\javaws.exe
PID 2460 wrote to memory of 2904 N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u391-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 85C03391B2715F17B705D7CFF1BA38A8

C:\Program Files\Java\jre-1.8\installer.exe

"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71324AE4-039E-4CA4-87B4-2F64180391F0}

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma … -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.84.88.195:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jds259413625.tmp\jre-8u391-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jusched.log

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_391_x64\jre1.8.0_39164.msi

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\CabC1AA.tmp

C:\Users\Admin\AppData\Local\Temp\TarC362.tmp

C:\Windows\Installer\MSIC900.tmp

C:\Windows\Installer\f76b54b.msi

C:\Program Files\Java\jre-1.8\installer.exe

C:\Program Files\Java\jre-1.8\lib\rt.jar

C:\Windows\Installer\f76b550.msi

C:\Program Files\Java\jre-1.8\bin\javaw.exe

\Program Files\Java\jre-1.8\bin\java.dll

C:\Program Files\Java\jre-1.8\bin\server\jvm.dll

C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll

C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg

\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll

C:\Program Files\Java\jre-1.8\bin\ucrtbase.DLL

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll

\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk