Malware Analysis Report

2025-01-18 21:18

Sample ID 240322-tyw9hadg43
Target jre-8u152-windows-i586.exe
SHA256 0655b87ee3af08a457be6058e14ca904db4d69c89661e07883119ba9ff4703e8
Tags adware, discovery, stealer
Score 7/10

Analysis Overview


Threat Level: Shows suspicious behavior

The file jre-8u152-windows-i586.exe was found to show suspicious behavior.

Malicious Activity Summary

Tags: adware, discovery, stealer

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

Blocklisted process makes network request

Installs/modifies Browser Helper Object

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Modifies system certificate store

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-03-22 16:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 16:28

Reported

2024-03-22 16:36

Platform

win7-20240221-en

Max time kernel

71s

Max time network

377s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache\259471502.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache\259471502.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache\259471502.tmp\bspatch.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Modifies file permissions

Tags: discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

Tags: stealer, adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsAccessBridge-64.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\java_crw_demo.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\msvcp140.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\deploy\[email protected] C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\ucrtbase.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\net.properties C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\blacklist C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\trusted.libraries C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\JavaAccessBridge-32.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\jpeg.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\prism_common.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\client\classes.jsa C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\zip.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\nashorn.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\policy\unlimited\local_policy.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\COPYRIGHT C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-processenvironment-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\prism_d3d.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-console-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-handle-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\blacklisted.certs C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\tzmappings C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-file-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\tzdb.dat C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\jfxrt.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\images\cursors\win32_CopyDrop32x32.gif C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\policy\limited\US_export_policy.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\jfxmedia.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\servertool.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\verify.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\deploy\messages_pt_BR.properties C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\fonts\LucidaTypewriterBold.ttf C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\fonts\LucidaTypewriterRegular.ttf C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\java.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\fonts\LucidaBrightItalic.ttf C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\deploy.pack C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\jp2iexp.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\sunec.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\management\jmxremote.password.template C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\THIRDPARTYLICENSEREADME.txt C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-util-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-crt-string-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\keytool.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\jfr.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\zipfs.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\jsse.pack C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\psfontj2d.properties C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\localedata.pack C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-file-l1-2-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-profile-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\dtplugin\deployJava1.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\dt_socket.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\deploy\messages_fr.properties C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\images\cursors\cursors.properties C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\jfr\profile.jfc C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\management-agent.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-core-timezone-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\bin\plugin2\msvcr100.dll C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\sunmscapi.jar C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\images\cursors\invalid32x32.gif C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_152\lib\security\java.security C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI29D8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2C88.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2D63.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f771902.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7718fd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7718fd.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f771900.ipi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_34" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_31" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_54" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_34" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0052-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_52" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_15" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_07" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_13" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0046-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_42" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0051-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_45" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_18" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_25" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ = "Java(tm) Plug-In 2 SSV Helper" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_44" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_28" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_09" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_15" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_36" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\TypeLib\ = "{5852F5E0-8BF4-11D4-A245-0080C6F74284}" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0051-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\jnlps\Shell C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_29" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_34" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jnlps\ = "URL:jnlps Protocol" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_15" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_26" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110250F\SourceList\PackageName = "jre1.8.0_152.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_14" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_30" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_35" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110250F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_152\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_152\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\APPLICATION/X-JAVA-JNLP-FILE C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [binary blob elided] C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 1176 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1272 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 2940 wrote to memory of 1952 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2560 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2560 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2560 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2560 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2544 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2544 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2544 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2544 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 552 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 552 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 552 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 552 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2020 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2020 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2020 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2020 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2680 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2680 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2680 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 2680 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 3032 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 3032 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 3032 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 3032 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe
PID 1952 wrote to memory of 1060 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe
PID 1952 wrote to memory of 1060 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe
PID 1952 wrote to memory of 1060 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe
PID 1952 wrote to memory of 1060 N/A C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe"

C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DBAD0E81128112A7DE245C966EFC4E27

C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_152\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180152F0}

C:\ProgramData\Oracle\Java\installcache\259471502.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/plugin.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/javaws.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/deploy.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/rt.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/jsse.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/charsets.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_152\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_152\lib/ext/localedata.jar"

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jre1.8.0_152\bin\ssvagent.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files (x86)\Java\jre1.8.0_152\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_152" -vma [base64 argument elided] -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\SysWOW64\icacls.exe

"C:\Windows\system32\icacls.exe" C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x528

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files (x86)\Java\jre1.8.0_152\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre1.8.0_152\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_152" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUyXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUyXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8xNTJcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MlxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUyXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUyXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
GB 104.77.160.206:80 rps-svcs.sun.com tcp

Files

\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe

MD5 4f0734355475fe249b9703423c4e13b0
SHA1 77e4247de19b1faea9d33768a863b4ff92ad50e6
SHA256 6535bfe34e092b75ae3ae5b1de6a70895737bdde4f380ad2961d4d6be390e189
SHA512 1e4066d5570bc3604fb5d8dbffc91809cea8dcc4a723ec126b8f9aec0a73bd2939386bf06d83c41e7f5ec57c35ccb0e60c3d2dc6feb07af09f4132d9874725ab

C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe

MD5 88a5b8c74353bea7fec191c35d81126c
SHA1 26f973e077b5db537d55308ca2f57ff9a8874449
SHA256 322bff066efb79a919d16df971e7a3be0444bf40a291ea94ee1835b4ea4f61b4
SHA512 6a532edc2aaa46940a3132e3f6e17772c993e0e5a1936fe7409ed0c9fd277aad70bb6f65b7b2b3a78e025244a32c85db1715610a37861302e65c46301dcf0a28

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3483d1f25e454f06c6713eacf22517f9
SHA1 68f91db40ca1a9c6a99d3e76c12ab4ddaca35f05
SHA256 dbe16a058a40cb751f4ac823e6fc15c375e498da95a3b6f0573680d63f25bb3a
SHA512 ac208dbd20b887a78e63c7b05f0626a0a9329e72c5b130f75fc744490f128e8e00c63ad18d4b53f5e9a79de6cf4c13b0b6bb08aaa30c560076011fed25642796

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 eadd88ec0dd9b4cfaaa0f44d453cd2ce
SHA1 4e0fc043a6b4e18318359b67df916ba306407176
SHA256 529f1754934c9a5370521f6b9613c070dd212bfc4b8c456520d756f5e75bdcb7
SHA512 073fc91abd34c910ea71b4471f20fdbd9a50117dfabbfacf2bbaa1c3e95a547abbf627d3649c6a1c0e44256f1b753c82212f35202de28c2a2807c76e87132cfe

C:\Users\Admin\AppData\Local\Temp\jds259432564.tmp\jre-8u152-windows-i586.exe

MD5 92a242f3914ebe99fda25884dfba9bcd
SHA1 5003bf10cb03cca4dc4d320f5674a8ff6b50974c
SHA256 a4df67e2bcf1cb7187802e892dcabebfb18aa8b90ada78c6e8132a65bef4c50a
SHA512 1a6abd737f8c22ee4193a2f7292cf9f443993fd23234de94a7562530372b1e4e5cb3d06b38bad8ed939e181efe17e0cb9a96685952dddb281a93eded359c9d2b

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_152\jre1.8.0_152.msi

MD5 16c42261cd14a068a996e2e886d07331
SHA1 62131b6e99981b01598f99a2c8fed8d4e3ff45da
SHA256 3a7643b4aedc428f17305cfd88368c1003a87e9aaecda7245142cc2b633a9249
SHA512 23bcf3f810da12a419ed5b686e5a6e1e383f642f9d8f884879adddb625d50390fd08a1f28023403ef12dcd7bfc446dc80d414a0877fe28aa0f8b48004e8b2b75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25bca7a439ecb836be00a3fc522869e7
SHA1 5fad98a28d62b074994d2bd5f88b7b8332d9ef93
SHA256 b2618c375bcb09a24c629fbc3f4b8feb562b14e931fb23157beecef92677669d
SHA512 2f5570a72d861b9b5f2f1507255391a60a074d71ae13a3537a62d839cabcb04beda63247c9b58b66658e0d17b04b44d1bbf7ad98d1421d7d2c359466022275bb

C:\Users\Admin\AppData\Local\Temp\Cab200E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar217C.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Windows\Installer\MSI29D8.tmp

MD5 9ce88fd743652d9e08c36152de9eb24d
SHA1 de0b51a8a7415bfc32ddb37fc3f73e6e771e0e59
SHA256 fb74f382e8a99bfb29682901915995238a3c0ad64107552d5fad00ed87bb018d
SHA512 77044c290f394b209a30ed510a82f4a1d59720c35253dbe26172efb991a9e6080abe743712ee06aace82f1e9f6dcde5a9c0492c1fd15653e0580ffec761bfc58

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 327a5f1c17d9cfabc477d0a29145311d
SHA1 be037e632dbe1a0073a91affa5a8565e9b0a3fdc
SHA256 18f5db2dfbaec8ce23dc1e2aa1a666026c4088381d423bd149f2bea4282bc51c
SHA512 c62580dddfe68a84849064602487c22625f6d7d7ff05ad5c8c94ccbc326e74a17d82ec1ee4633f4c9d8925288efbe16267678749c8fcfd1b2e72e8068e526926

C:\Windows\Installer\f7718fd.msi

MD5 9eafc1d99c5635574f149941bc1661c4
SHA1 11547ad7396997e38eb6bab6910f9c7e31dfd826
SHA256 35805fde3e2133fc467b85247cb23319f72a98c92731ea4d74a724dba6c2193e
SHA512 f141db9c6ba1b125a540db0d9362fa6336af74cdeb365d9a53e00df25a6ddde196fb8a1f48dd7489ac57359354f923e8fd98f59c05dcbb757a9c881913e8d2ae

C:\Program Files (x86)\Java\jre1.8.0_152\installer.exe

MD5 db6754c0ac9d4e58bf0c8ec5c9c94f36
SHA1 a86a72d31ae0df05aa02fc5b0aa33ff3ed48cc4b
SHA256 f53fa391033100d0b8f54b1fc0c980627f1cefda06c5c18fcd02b9122428d42d
SHA512 6e5ac61593b159eb8195a9bc1fd79628c32808ee621e736a5fe6575aff40ae0e5c71cea35e63a4abd50a398dbd11bdaa480eaed58fa158a44dcd38402a08102c

C:\Windows\Installer\f771902.msi

MD5 ca5cda9aa690b1b7f6c32992d1b82b6f
SHA1 e3748abfb0e4a57540b595a758d488200e75ca26
SHA256 389ff11ff508e395a76517eb1afd74a65ddef0185f3b26838ffcdfef2a26dc76
SHA512 d53686d81613d72db9ee217606fe5d4cfb85460a49ca29cfe811075018140c5b2b6b347e16d017635d178824d049c0d489f2153c97e78143985330806f6349a1

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 cf50e8dfa0af1750f106134174ed2f65
SHA1 31cda6f41a96ab3711cfb1015672cf4860893f23
SHA256 015134fab66ee8f04b56a18491998dc760c2ea73e3be7cfb6b75274859145820
SHA512 dc476c8ff8f45d881ad5fe99d2d43b71039a657a74754ee1e36aefba68d10c8f8679f398dec18c1e9eba7f5f81f790881e374c65c28ff6ea3b94fccfac814f45

\ProgramData\Oracle\Java\installcache\259471502.tmp\bspatch.exe

MD5 e76d957ac6885bf081878194f44db859
SHA1 1ac280ccb177c9179c9af048c40870bbd66545af
SHA256 6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054
SHA512 4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

C:\ProgramData\Oracle\Java\installcache\259471502.tmp\baseimagefam8

MD5 84e9b18eb550c33315a1a5eca36c5f50
SHA1 754e915a57208499d5f1735e371bff11dcf39921
SHA256 1e3a57fdfc591177fa6c00c5462dbebcfb74e65c06d1716a2114625cc0b88597
SHA512 57123e4418715b8b6428cb237fc19016002e14b82a1cbabad66493316e0588bc4b18d0e6d5f9232813bec65ab2c5e5ba7b73fec52b78e5c27e128264147210c2

C:\ProgramData\Oracle\Java\installcache\259471502.tmp\diff

MD5 84a610b2e5ac0310227bd4359aee7903
SHA1 a6e2da86c4b3396db0bd41b2689aec6a896f1fa4
SHA256 c516195324d460237d40d4cf9173b5c5b95f42d0b44d64e40c92d519d04355cb
SHA512 e22408fa505dd3d81ab043fe2c6703dab4d8c6488f9c490f81c1a552e3e0d0205e7d292c6e61858cd5c574752c1a805cd5558e2373952f63a817f27a94626da0

C:\ProgramData\Oracle\Java\installcache\259471502.tmp\newimage

MD5 a0451847575600b0abc4417bb157653a
SHA1 b6abce1dfdbffb12e5a8c518950c194907f1ff7f
SHA256 7322b9a8d1f5e385ad8511628baf1b0c8191fa895496555e445df7aa9210aa25
SHA512 6103188f9defec0edf72b0675153b926a7de4dc8e4e69fca237e1494b41e693c9660879c52c4992343654db2c455a6dae5a1d5ce4d48382344a34779b0e6f118

\Program Files (x86)\Java\jre1.8.0_152\bin\unpack200.exe

MD5 ebd43fb2f0b3013ded1f75d6e3d11e23
SHA1 bf3b2a1fedf042aca6a350357a624e7246cd62ab
SHA256 c8e6e927372fcfc5056469f42c3ac80a2cf3fa3317bed40ef1b985afc0d279ab
SHA512 e8b119f2a769834c452e631d6300391fc500966bc586f204d1eb4cd905804f5e2924556fe802910fc48047c7b5c3208cd79c3c82023c9c64956b3b0133c19381

C:\Program Files (x86)\Java\jre1.8.0_152\bin\MSVCR100.dll

MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

C:\Program Files (x86)\Java\jre1.8.0_152\lib\plugin.pack

MD5 38fd09bd44b951315f266e565d842322
SHA1 681f7ecb46f93f32a5cf13f70743f36a9b6eb83c
SHA256 6ec8461c738a8deec64a5658332c7cbbd4d909816f14fc44ba6d2c10d8ae8b05
SHA512 c167bb9eca5b84ad560b4d511b9ea7715b79ddfc7838197e12c586e0fbaa76cd5062a4346921db766e648cf6bd95a00f0b99d71c603b1313b7eb20ed0bb7c8a2

C:\Program Files (x86)\Java\jre1.8.0_152\lib\javaws.pack

MD5 f56f7c39e0f723dc4d99328b70909728
SHA1 b5e69c1a89b25cb8274cf362dd36062b8a23f18d
SHA256 fe5eec8cab4e15a282d893791de2b8fb64b7817dbb18ff3cb2aacb49197187a4
SHA512 05287503822048fe96eb054d61761462b291d81144fa3c5e1e3735d38e7e490366ca2668f1c2da56caa676fbbfbdd943fb5f7f89120f2daee9add776a4c9c0a7

\Program Files (x86)\Java\jre1.8.0_152\bin\msvcr100.dll

MD5 370d6644520b7ba4c119e072f7ba1596
SHA1 8ff8fcc5e952875514c3db46d6d4a3e648acfe20
SHA256 fd3453821c784649f6a197e74dc0d58b468eaa5781673c33d4355c99e8475bca
SHA512 0e7cb904f5a27d1897d9593ea80ce6cdf29c2d7175c608d8e8bfc6d78483349b6a86eb5a5962128706410bef4bdacbecbf00eef83471f42fafd153e34bb7922f

C:\Program Files (x86)\Java\jre1.8.0_152\lib\deploy.pack

MD5 1d4ca6f5390d756b0a13059a4ab88045
SHA1 75f569cd6617872daf6050eaa00f618cf1375979
SHA256 0dcf6251c231005cbb526090dc18526dcabb9a3579efb29c667a4ef3f4ec299a
SHA512 6ea0561424ee6771e8d7abd5546ddfd265cae8110aed506e5cc81f2f8b227fa1bfcc8b95442d829402f456a5f36717e6b8ce1d9f00bdffe1b97fc6c605fc3f3e

C:\Program Files (x86)\Java\jre1.8.0_152\lib\rt.pack

MD5 bba14f9905bbd4bc445e5e77ddb343cb
SHA1 1ae2ac20f6568beeb0897066423fb0887ddeeb76
SHA256 74a64e2b08352fc597f4856a6d8fc66a9facce3d57ccb9d6a3ca2f5273136d1e
SHA512 6e559cd037d05c9ff1b34ca9af022454390752d9f302f943c49a3dba74889d1d86ca8388214b47b02a3051f945858dec85d8533c0751486d97c0ee3e59fafcbf

\Program Files (x86)\Java\jre1.8.0_152\bin\msvcr100.dll

MD5 bf3ee5135438223e3ce8a1ca6f18babb
SHA1 2b8d9eaae10988db3ac2019a9b9eac228b872092
SHA256 e76a61ffbef10a4e01b4cb1439cedb50e535c002786b3956f102161e71aee8c2
SHA512 fd3e0ef692fd45d96c40e9607e62da1781f46e1e4fc722989467b9d9282df4edcc2a93afe4aa97050b553c2a0e526a1c7b45d977fc6fc595cc25a20fb3614a3a

C:\Program Files (x86)\Java\jre1.8.0_152\lib\jsse.pack

MD5 79d957841a0ea65496ca48f0524e7929
SHA1 e22548a473bacc57d1b3f948295e8b192a634d64
SHA256 f33ee14c1f2636f302fe62d15dd1c0005cd89bf00f15ce61f6c894544a4359eb
SHA512 a96675302b5c8ef4a6f502a9c12ea46d83f713e10de84d19dd64de754575a85d90ff3487aec75273e7ed8d4b7f9104e3f5e6bd106bf059b0108b50abcf3af48c

C:\Program Files (x86)\Java\jre1.8.0_152\lib\charsets.pack

MD5 4d9574d97e1a3a82734ff34167377ec3
SHA1 0eba755e430d241bcf209af3d5eb7d45a406fe94
SHA256 81b3097fbd739303c55b89838f97df30b4a11c04f27600ff5b1f4d1c8042eb63
SHA512 e3e7081399d97e7b45dc1052a02a8e282874ab202fb77f2a50a97e0f35103ba622c946a2a71a68ed228b85c991128d8d6345f687360e6b22234659f2496fc8f1

C:\Program Files (x86)\Java\jre1.8.0_152\lib\ext\localedata.pack

MD5 5db17dde1ad4a483fd7dacef8994c5e3
SHA1 87b93128a49e32c416e615bdeaa55c1c29eeaa8c
SHA256 390a98e8f7d0e4b55045c6fc81c6b2a29be9b2da3126d9244d13ad2eda62ed2e
SHA512 9e2d7cc8ac21743e74435b53105e1d8d990ffc2faf32c72ed4bb99b0235e8503d0576491e8deb0c6f5f1a100a6d6fcffa9669bf9c925f235063c72992eff9f04

\Program Files (x86)\Java\jre1.8.0_152\bin\msvcr100.dll

MD5 f4a8855fef90fa538c237aa026742212
SHA1 8590382a05024e1c2e7315877fb4c58b1424d6dc
SHA256 3797aeeda4f11d5d794d234e0eeedd8f043745a8e3cddd9a049f29b56f8fe2d4
SHA512 2fdbcb354a176aec363161b39cfb57d7d102b95dba5346a553f4d36a4c7c0235a4d8a26476c445b3e4ee5c2c6307cc03dd7ca9f20047831b5287215dce7cb3e6

\Program Files (x86)\Java\jre1.8.0_152\bin\java.dll

MD5 23eaa3e5481a45d45bd91ff6858f051f
SHA1 5a16ce6317835fa0e66cfc9ec8bc98e70c2138a1
SHA256 aec45bc37dcc297039c362d6ba44ef8988940a25adc3cf47334f396b98bed536
SHA512 66db3779cd09c140d1f2e0cd136d61c84f56980aa16a92675bd3b102406cc2fa812745674c27bae7094c2809ee26d85800d0528e8bc104576cafdc0dbfe162e2

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe

MD5 9c6b8f39f0405f6890f8e8666814be05
SHA1 cccab0676a80b9a09584cb10ea14d26d6b6abe39
SHA256 36724a134cbd030721381a47442e5ddad255ce6f27259f7e0a3e9f9f6c470c08
SHA512 93850e8e10ee90a0f26d2b2cf448e9b8c9f8561f466ba9a10aa246bae4a5ab147ca6b44fc129c6bc9c8946617842e3452d5a808b7fa4758fab38805abe204d69

\Program Files (x86)\Java\jre1.8.0_152\bin\java.dll

MD5 5b9edc25baf1ec11b00c459bce333386
SHA1 31a4960f7536dcea70dbca3e712c761f8001f808
SHA256 e4b5e3dbb9d217d52ac38b16ec73b7fbcafeefb220faff32024b1cc8da17cfeb
SHA512 2ed501222af7fed65f167dc3b45c55bd315b644af90087b7a543783f6f1703cef488e33d85eb538db52f48a13030ed175e9a0cdc9936bc6015fa7083af0fb104

\Program Files (x86)\Java\jre1.8.0_152\bin\javaw.exe

MD5 2d6bb00238aafdefb46191b4a05bdf92
SHA1 e2a3fb8fc3adba0929373afea649464c47470855
SHA256 53b8539afb64b7a9db3ea2158169c1bc47b4f6f1e2ee6bfa8303998bf134bdef
SHA512 3ea355fbbd867f23ba1474cd1ee48b5ced630da7c6038dc2c46d3193dbe3eff26eaeaf9cce30c74517272901782a1f3aae89b329c6d038d65daa4c7e5544c54c

C:\Program Files (x86)\Java\jre1.8.0_152\bin\verify.dll

MD5 fa035c166d3b2898b264a8104cf04608
SHA1 9948a99db8d1df6cf67c30adf455112d77fc020d
SHA256 c49985ff31326a6249012e6703a3d4eafae5be34ad65291fae06a7343f2171b2
SHA512 1849ba6f281f834621219c45defd48810b5145c20100540ac5032a3429446de7bf122a1da5e73d28f4615e2be67b618463b091f05bf264419941d8ac5ee0d73e

\Program Files (x86)\Java\jre1.8.0_152\bin\client\jvm.dll

MD5 4309be0f0b70ae7acde3c4463e9ab8e5
SHA1 f8ef44527c5a1ff9a999daa3e004f082b33bdd03
SHA256 b878bbe9c3045566919b427a57ac9d2f8b2c6eed554c5a6a0bd2dd32fd3fd471
SHA512 868c1723600dc23cb62cb39dd7cc2d28bb4dd9472e640cdf0e9f101ad525d8d29be5390b69410d9275f811843771a8410cac908dd7fadd4cf804e064ef32ff16

\Program Files (x86)\Java\jre1.8.0_152\bin\verify.dll

MD5 04c47bfd559b29c07d005436e7976743
SHA1 27328b15b1c78325b5a9e7bcb22959a500ba5400
SHA256 76f3226e351e70415e98fbac4a26c7b55b65c3f10b60aeb8e6c1c2ee303efd83
SHA512 c2a1582214d50bd888252f945331eb7a98f91f57f753aedb281bec942f848ed6cb8aef5c9980f5970cb794270f5c67d0a95651ed7200a2564f47ed26c96c96bf

C:\Program Files (x86)\Java\jre1.8.0_152\bin\client\jvm.dll

MD5 a9635aa875796096cde0a6e4c320121e
SHA1 1d60a6a90320c8b36a46f39884635c6a29bec060
SHA256 94353268278083157db58ec79caf40efe12d5c8540b4579563d25d58a409508c
SHA512 c0168420324fa28ff0653b03216de2b5b53a24341b12909ce8a4a8472a922b5e3e1f663a54c36aca9345c48d7f21738cc7502019661bd3a5ac0da06e61f5ab11

\Program Files (x86)\Java\jre1.8.0_152\bin\msvcr100.dll

MD5 b3ba508ad52c2389a8c9d2b531eb1595
SHA1 9489028652d1a491d22fec9b610fc69e948ddf87
SHA256 b2c9597f58b4352fdc112ed5507c67bee8413a887a2bf2a024bb45f1ad877dc9
SHA512 992e87d7a5d739ff78c6e079c41ee4c06990556badbf2d585bdbd5b1bf2d93eedf00ed0fd9ee6772ae27e48ce254fa0350fe21da6f14566626e6f1e36484169a

C:\Program Files (x86)\Java\jre1.8.0_152\lib\i386\jvm.cfg

MD5 9aef14a90600cd453c4e472ba83c441f
SHA1 10c53c9fe9970d41a84cb45c883ea6c386482199
SHA256 9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1
SHA512 481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

C:\Program Files (x86)\Java\jre1.8.0_152\bin\java.dll

MD5 db448bfd1ec74f34298b291cc145494a
SHA1 22ace2c6c4f21c8840f7b52948c532cb52580343
SHA256 63f6f7fed13632dc08dc38a0b51ad59830adaf3d078f795c90a26d820a97c148
SHA512 1ca2b38950f11b9b43c2125d5f69e7c88161e2d0b2266b22d170bb76514f40ca729fe1ffc421a313112d249ce9c0ebed719d143ed537f4092dab3156ce8592a6

\Program Files (x86)\Java\jre1.8.0_152\bin\zip.dll

MD5 9992e2ec55a544165b5e172274e01699
SHA1 2474190b92496c244070e3782ca07b390d8ab6d7
SHA256 a370eff4eb9c6c0cb2a351e96ab123ab4337b2fa7dfbdd4f2b6f2b1c41f87f70
SHA512 edc84df6ca32ae73f430ac58c5646970ccedc41f15e7997958bf39fb487282917dd2a5cd4fb50e8cd3d0c9898fe1f76df77d62fb06f16907d88c9149eb8fe611

C:\Program Files (x86)\Java\jre1.8.0_152\lib\jsse.jar

MD5 dcb72d2d9903649a3363ba58d180d4c1
SHA1 4509051ffa3428ac7ce1c5811799a25130500406
SHA256 8c0e1ebf63a1ec6ece77e882f9f7878b6644993dbd18c45b5af9864a164cf9a2
SHA512 c1d2b624d22197ca388974fc78b8744e7d670311706330618c5e9281c9a4dc540af25a0baaa5d5f95f49a64b09d49743cb25d19ba535c7e7f40a74256084e6a3

C:\Program Files (x86)\Java\jre1.8.0_152\lib\rt.jar

MD5 916b2d95a97b5af7f71d11b52d0c3726
SHA1 0d9db2cffc01e1e7f6fc97f2ccc6659874e4b609
SHA256 e8ac16fcf2ed482a6bba0cba9c357feeec7bbbc413c5ce79253ed33f28f5a0d1
SHA512 9d92e672897762947a0fbd179cf390bc759a8e44118d7b461ada5d83a74b2505e3db15db6ede41daca12abc8057b1bc6bf1c43ad26cf61efe7c285a58f727bd2

C:\Program Files (x86)\Java\jre1.8.0_152\lib\resources.jar

MD5 85ddc41400be5023c752d72020175d4c
SHA1 a61a73514ad8b6623250c884ff189c96028849ff
SHA256 d24ed9b066bf7f7c0b622c9d87b9cfbc94764bbaece48dcd87a9bdf2c80cb318
SHA512 02be4d19f371d3bf77c745f1d2e26a3b9305fe46784f374606ab51a11cbd34dc77a79ab6f8e0d8aa5e8e38dfe0732f4e77b4317cf5f7190d7d3aa86cfb1d2ab6

C:\Program Files (x86)\Java\jre1.8.0_152\lib\meta-index

MD5 91aa6ea7320140f30379f758d626e59d
SHA1 3be2febe28723b1033ccdaa110eaf59bbd6d1f96
SHA256 4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4
SHA512 03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

memory/1060-698-0x0000000002190000-0x0000000004190000-memory.dmp

memory/1060-702-0x0000000000130000-0x0000000000131000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 99d983415d850773c1f3467bdbfd87b4
SHA1 157dfae0e8f26245c1c6fa64260f82c18d1f1eb7
SHA256 d16338454bc7af4f79f4f720b76da850434955bcb640337598c449af0c273e24
SHA512 704b63e4f6e429f84d04a5c18311ca6d9a7fe4acbb6f301d93413fcbcd1eb1cffed63dddf2c56dfacdc40c28d7dcbb381ed13fec9a1efd7673bf4b23865afcdb

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 17555e8eddf3a810a963cf7c39c6f6b4
SHA1 b78a5a8c944c2f24634530b3c090a0e46a9bc576
SHA256 549ce88bac64b47f3bc08071e54d04070641c1cd02e80c55d365e525a34dd742
SHA512 ad570107b9436abd6681c80e1dd2445ae45786047e1f9dd848ed21b18161826d9682f2618a1ea6105bae2d8b7855df911f5d2405b710567074cbd3a9f9e3c794

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javacpl.exe

MD5 ee24ce8c008da7c33b21ac034018d490
SHA1 e5888d515a6ae0ad97247f5e6758895c448db6d8
SHA256 802f3449c3cd047abb42aac981e9841177d8b3499ffc54f16e0a681fdbb606b3
SHA512 c5ec8f3159cf9a1156a06c4fb0118eebf28f2f132b7e31ecdc0e47586b069c0bc8d8061bcb21fef5ca63e3cb5ec43ac711a92a94da11ba9db85637431b805d50

C:\Program Files (x86)\Java\jre1.8.0_152\bin\javaws.exe

MD5 a9deb6be72c58f836bf681eef53b672f
SHA1 d0f3f5825e38cdafb8aae51c07a28076f086049d
SHA256 c3e8fc2104a48776b1e7226ddd942e5ff5ce430ea4c56b31b3418f4cdc3819e6
SHA512 d832a89b00723dd0b499cfc1ac64c48c897101a167911865e0e06eaa666f0ed9f3e1b419401d9a85b89a3d5dc30ec06c8793f63bad33d40077382bf997629ebf

C:\Program Files (x86)\Java\jre1.8.0_152\bin\dtplugin\npdeployJava1.dll

MD5 43cda53bf62a47f9cd0535fb474302ba
SHA1 2555deb9aeff4c2c80a766aa90766f00746d2edf
SHA256 41e6d27d57db0ef9e0045d2979909fdfb348b885d2aeb19dbde353bca5ac651e
SHA512 4ee40725f8cea838da7e2ee02d384a21b3d47fffe518954b9480fd03dee9fa2cdad5a6e597215066a70e2496fcc7a20912d4d94cf9f564a4aa493486de37f1a5

memory/2712-892-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-894-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-897-0x0000000000470000-0x000000000047A000-memory.dmp

memory/2712-899-0x0000000000470000-0x000000000047A000-memory.dmp

memory/2712-907-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-917-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-918-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-922-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-923-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-926-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-928-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-930-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-936-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-939-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-938-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-937-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-948-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-946-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-941-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-951-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-954-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-964-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-977-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-976-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-984-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-983-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-992-0x0000000002AA0000-0x0000000004AA0000-memory.dmp

memory/2712-994-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-996-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-998-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-999-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2712-1006-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2764-1009-0x00000000002A0000-0x00000000002AA000-memory.dmp

memory/2764-1011-0x00000000002A0000-0x00000000002AA000-memory.dmp

memory/2764-1019-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1036-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1037-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1047-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1050-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1051-0x0000000000280000-0x0000000000281000-memory.dmp

memory/2764-1054-0x0000000000280000-0x0000000000281000-memory.dmp

memory/2764-1055-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1057-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1059-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1060-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1062-0x0000000002B90000-0x0000000004B90000-memory.dmp

memory/2764-1083-0x0000000002B90000-0x0000000004B90000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-22 16:28

Reported

2024-03-22 16:32

Platform

win10v2004-20240226-en

Max time kernel

134s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240598968.tmp\jre-8u152-windows-i586.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 (raw LUID as logged; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (52 identical rows collapsed)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (52 identical rows collapsed)

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u152-windows-i586.exe"

C:\Users\Admin\AppData\Local\Temp\jds240598968.tmp\jre-8u152-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jds240598968.tmp\jre-8u152-windows-i586.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country  Destination           Domain                          Proto
US       8.8.8.8:53            134.32.126.40.in-addr.arpa      udp
US       8.8.8.8:53            154.239.44.20.in-addr.arpa      udp
US       8.8.8.8:53            9.228.82.20.in-addr.arpa        udp
US       8.8.8.8:53            204.178.17.96.in-addr.arpa      udp
US       8.8.8.8:53            javadl-esd-secure.oracle.com    udp
US       8.8.8.8:53            57.169.31.20.in-addr.arpa       udp
US       8.8.8.8:53            41.110.16.96.in-addr.arpa       udp
US       8.8.8.8:53            133.211.185.52.in-addr.arpa     udp
GB       104.84.88.195:443     javadl-esd-secure.oracle.com    tcp
US       8.8.8.8:53            rps-svcs.sun.com                udp
GB       104.77.160.202:80     rps-svcs.sun.com                tcp
US       8.8.8.8:53            195.88.84.104.in-addr.arpa      udp
US       8.8.8.8:53            202.160.77.104.in-addr.arpa     udp
US       8.8.8.8:53            232.168.11.51.in-addr.arpa      udp
US       8.8.8.8:53            26.165.165.52.in-addr.arpa      udp
US       8.8.8.8:53            206.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53            217.135.221.88.in-addr.arpa     udp
US       8.8.8.8:53            203.178.17.96.in-addr.arpa      udp
US       8.8.8.8:53            13.227.111.52.in-addr.arpa      udp
US       8.8.8.8:53            178.178.17.96.in-addr.arpa      udp
US       8.8.8.8:53            88.156.103.20.in-addr.arpa      udp
US       8.8.8.8:53            tse1.mm.bing.net                udp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
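Most rows in this Network table are not the sample talking: the in-addr.arpa queries are reverse (PTR) lookups and the tse1.mm.bing.net connections are Windows 10 background traffic, while only javadl-esd-secure.oracle.com and rps-svcs.sun.com are reached by the installer. The script below is an added example written for this page, not part of the sandbox output. It parses a subset of the rows copied from the table above, splits sample traffic from environment noise using a suffix list that is the editor's assumption, flags the plain-HTTP endpoint, and shows that one of the PTR queries is the sandbox reverse-resolving the sample's own destination IP.

```python
"""Triage a sandbox Network table: split the sample's own traffic from noise.

Added example for this report, not sandbox output. The rows below are a subset
copied from the behavioral2 Network table; NOISE_SUFFIXES and the reading of
PTR queries as the sandbox reverse-resolving IPs are analyst assumptions.
"""
from typing import Dict, List, NamedTuple, Set

NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
GB 104.77.160.202:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 195.88.84.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
"""

# Assumed background traffic of a stock Windows 10 image (editor's list).
NOISE_SUFFIXES = (".in-addr.arpa", ".bing.net", ".msn.com", ".microsoft.com")


class Flow(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_table(text: str) -> List[Flow]:
    """Parse the four whitespace-separated columns, skipping the header line."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Country"):
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def is_noise(flow: Flow) -> bool:
    return flow.domain.endswith(NOISE_SUFFIXES)


def sample_endpoints(flows: List[Flow]) -> Dict[str, Set[str]]:
    """Non-noise, non-DNS destinations grouped by domain: what the sample contacted."""
    out: Dict[str, Set[str]] = {}
    for f in flows:
        if is_noise(f) or f.port == 53:
            continue  # resolver queries give the name, not the endpoint
        out.setdefault(f.domain, set()).add(f"{f.ip}:{f.port}/{f.proto}")
    return out


def cleartext_endpoints(flows: List[Flow]) -> List[Flow]:
    """Installer traffic over plain HTTP is a tampering risk; surface it."""
    return [f for f in flows if not is_noise(f) and f.proto == "tcp" and f.port == 80]


def ptr_to_ip(ptr_name: str) -> str:
    """'195.88.84.104.in-addr.arpa' is the reverse record name of 104.84.88.195."""
    octets = ptr_name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def reverse_lookups_of_sample_ips(flows: List[Flow]) -> Set[str]:
    """PTR queries whose target is one of the sample's own destination IPs."""
    targets = {f.ip for f in flows if not is_noise(f) and f.port != 53}
    ptrs = {ptr_to_ip(f.domain) for f in flows if f.domain.endswith(".in-addr.arpa")}
    return ptrs & targets


if __name__ == "__main__":
    flows = parse_table(NETWORK_TABLE)
    print("sample endpoints:", sample_endpoints(flows))
    print("cleartext:", [f"{f.domain} -> {f.ip}:{f.port}" for f in cleartext_endpoints(flows)])
    print("PTR lookups of sample IPs:", reverse_lookups_of_sample_ips(flows))
```

On these rows the sample's endpoints reduce to 104.84.88.195:443 for javadl-esd-secure.oracle.com and 104.77.160.202:80 for rps-svcs.sun.com; the latter is the one cleartext channel, and 195.88.84.104.in-addr.arpa is simply the reverse lookup of the Oracle address. A suffix list is a blunt instrument: before reusing it on another report, diff the table against a detonation of a known-benign sample on the same image so the noise rules come from the environment rather than from guesswork.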

Files

C:\Users\Admin\AppData\Local\Temp\jds240598968.tmp\jre-8u152-windows-i586.exe

MD5 4f1c21281892ac60f7c29452212f475e
SHA1 519185845a2e2d797eeae37db9578f2165da6106
SHA256 ab7126aa2c740d30fd870998c87ff568fa06fc138de97303c3d5b057b18de33c
SHA512 c3aeea9061407d1975429f8528620a52bec1afc68eac1f3363e172a43fabec1a186cd54c793d29b9830bdba58ec35c9587a99c39acdf8d29302717cf2ff01fa2

C:\Users\Admin\AppData\Local\Temp\jds240598968.tmp\jre-8u152-windows-i586.exe

MD5 2b1d05d35a3664285679c904a1775054
SHA1 4d35f2333360ea5dea48d151b2b97f19d64fa37b
SHA256 80a664fca5c78f1e6270c0ba27d8882d0cb2f8c3d5292ce58d6a126d46aa748f
SHA512 f6e96db0010d9c1b20748f7db0dab7815a3a09843f520adbd37b3588d15d36c203c263c66bb07062d04d87688eb5254890ac12e4004d3e34adbe676f080ee194

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 9dfebd07a3abf3b91410e4d2c6e75e16
SHA1 a3e9a34c459645e7bd8c5a68158824e47643c247
SHA256 eb15c4c92c56b30d380afcbf221bad9b1c6c21d95c0113eeedc03c35f2a4ca93
SHA512 dbf1d8c78265bf03280f25106e61682fa6ba6722cf004c69cbce27ac74e66c4f8a25d5e502fbb04136bd09ee5fb0554adf79a178238f94e158f606491124d2cc

memory/3640-91-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-92-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-93-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-98-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-97-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-100-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-99-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-101-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-102-0x000001C238C30000-0x000001C238C31000-memory.dmp

memory/3640-103-0x000001C238C30000-0x000001C238C31000-memory.dmp