Malware Analysis Report

2025-01-18 21:13

Sample ID 240323-1h5dhach67
Target JavaSetup8u401.exe
SHA256 936cee4941ca401e556ece5206dc4d9fc70c3660aaecf27cdb6c4d1ca5252ee3
Tags
adware persistence stealer
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

936cee4941ca401e556ece5206dc4d9fc70c3660aaecf27cdb6c4d1ca5252ee3

Threat Level: Shows suspicious behavior

The file JavaSetup8u401.exe was found to show suspicious behavior.

Malicious Activity Summary

adware persistence stealer

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Registers COM server for autorun

Executes dropped EXE

Drops file in Windows directory

Loads dropped DLL

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-23 21:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-23 21:39

Reported

2024-03-23 21:42

Platform

win7-20240221-en

Max time kernel

133s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-64.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\JAWTAccessBridge-32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\glass.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\security\policy\limited\local_policy.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jsound.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\java.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\ucrtbase.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\content-types.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\API-MS-Win-core-xstate-l2-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jp2native.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\xalan.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\security\javaws.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\ecc.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\WindowsAccessBridge-32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\nio.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\cmm\PYCC.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\glib-lite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\fxplugins.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\xmlresolver.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\client\Xusage.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\dcpr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\jfxswt.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\jopt-simple.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\messages_pt_BR.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259426137\java.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\logging.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\lcms.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\ext\dnsns.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\relaxngcc.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259426137\javaws.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\flavormap.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\sunmscapi.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI7803.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI790F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7BFF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f767224.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7737.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI79AC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7B82.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767229.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI75BE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7852.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767227.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7C6E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767224.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI76A9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI77B4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7A39.tmp C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target (events)
N/A N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe N/A (1)
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A (4)
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A (11)
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A (3)
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A (23)
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A (22)

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0284-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0123-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0253-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0363-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0227-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0052-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0185-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0224-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0407-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0212-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0113-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0124-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0144-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0167-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0401-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0059-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0108-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0009-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0389-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0076-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0185-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0228-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0307-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0328-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0396-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0052-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0118-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0321-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0243-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0327-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0104-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0113-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0200-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0332-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0379-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0271-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0288-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0232-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_232" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0121-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0112-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0336-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0107-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0278-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_63" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_29" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0158-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_158" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0359-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0360-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_115" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0069-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_13" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0089-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_89" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0374-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0378-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0167-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0291-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_291" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0105-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_105" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_173" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0116-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0250-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0368-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_86" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0132-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_132" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0160-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0095-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_95" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0239-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_135" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0205-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0285-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_162" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0110-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0202-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_165" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0283-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0334-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_334" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0026-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0312-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0228-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0190-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_190" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_381" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0392-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_392" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0094-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_57" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0193-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0089-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0045-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0154-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0244-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_39" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0108-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0236-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0351-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0117-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0177-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_177" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0361-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0081-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0204-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_204" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0387-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0145-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0108-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_108" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0402-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0404-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\VersionIndependentProgID C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0181-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_181" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_06" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0210-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_03" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0246-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_26" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0071-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0212-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_212" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_77" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0097-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0126-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0151-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_151" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 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 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
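
A practitioner's check on the table above, added here as an example and not part of the sandbox output. Both thumbprints written under AuthRoot are the published SHA-1 fingerprints of DigiCert Assured ID Root CA and DigiCert Global Root CA, and the Cab*.tmp/Tar*.tmp files and CryptnetUrlCache entries listed under Files are what CryptoAPI leaves behind when it pulls a missing root from Microsoft's automatic root update while validating a chain (the run connects to oracle.com hosts on 443). The "evasion spyware trojan" tags belong to the signature rule, not to a finding about this sample. The script separates that auto-update pattern from writes that deserve attention: an AuthRoot thumbprint nobody recognises, or a write straight into the Root store, which the automatic update never performs. The fourth sample line and the dropper path in it are constructed, and the allowlist is mine.

```python
"""Triage helper for 'Modifies system certificate store' events.

Added example for this report, not part of the sandbox output. It parses
registry events in the format of the table above and separates writes that
look like Windows' automatic root update (AuthRoot store, a thumbprint that
belongs to a Microsoft-distributed root) from writes that deserve a closer
look (unknown thumbprint, or a write straight into the Root store).
"""
import re
from dataclasses import dataclass

# SHA-1 thumbprints of the two roots written in this run, with the CA names
# they are published under (author's allowlist, extend as needed).
KNOWN_ROOTS = {
    "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43": "DigiCert Assured ID Root CA",
    "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436": "DigiCert Global Root CA",
}

# Constructed sample: the first three lines mirror the table above (the
# removed blob value is replaced by a placeholder); the fourth line is
# invented to show a write into the Root store by a hypothetical dropper.
REPORT_LINES = r"""
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = <blob-omitted> C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = <blob-omitted> C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\0000000000000000000000000000000000000000\Blob = <blob-omitted> C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
""".strip().splitlines()

# "<op> <registry key>[ = <value>] <process image> N/A"; keys and values in
# these reports contain no spaces, so the process image is what remains.
EVENT_RE = re.compile(
    r"^(?P<op>Set value \(\w+\)|Key created) (?P<key>\\REGISTRY\\\S+)"
    r"(?: = \S+)? (?P<process>.+?) N/A$"
)
STORE_RE = re.compile(
    r"\\SystemCertificates\\(?P<store>[A-Za-z]+)\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})"
)


@dataclass(frozen=True)
class CertStoreWrite:
    store: str
    thumbprint: str
    process: str
    verdict: str
    subject: str


def classify_cert_writes(lines, known_roots=KNOWN_ROOTS):
    """Return one CertStoreWrite per (store, thumbprint) pair seen."""
    results = {}
    for line in lines:
        event = EVENT_RE.match(line.strip())
        if not event:
            continue
        store_match = STORE_RE.search(event["key"])
        if not store_match:
            continue
        store = store_match["store"]
        thumb = store_match["thumb"].upper()
        if store != "AuthRoot":
            # Root/CA/TrustedPublisher writes are made by the program itself,
            # never by the automatic root update; treat as deliberate.
            verdict = "manual-trust-store-write"
        elif thumb in known_roots:
            # AuthRoot plus a known Microsoft-distributed root: the pattern
            # left by CryptoAPI fetching a missing root while building a chain.
            verdict = "auto-root-update"
        else:
            verdict = "unknown-authroot-entry"
        results.setdefault(
            (store, thumb),
            CertStoreWrite(store, thumb, event["process"], verdict,
                           known_roots.get(thumb, "?")),
        )
    return list(results.values())


if __name__ == "__main__":
    for w in classify_cert_writes(REPORT_LINES):
        print(f"{w.verdict:26} {w.store:9} {w.thumbprint} {w.subject}")
```

Run it over the real report lines (the removed blob token contains no spaces, so the same regex applies) and anything that is not "auto-root-update" is what to spend time on.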

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
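
Added example (not sandbox output) that summarises the rows above per process. AdjustTokenPrivileges only enables privileges the token already holds, so each row records a request, not a grant: the inner installer asking for the whole catalogue, SeTcbPrivilege and SeCreateTokenPrivilege included, is the blanket "enable everything" call that installer frameworks make, while msiexec's repeated SeRestore/SeTakeOwnership pairs are what the Windows Installer service toggles around file and registry writes. What the summary surfaces is which process asked for privileges it has no business needing, so it can be checked against the integrity level it actually ran at. The HIGH_IMPACT set is my list, and the sample is a subset of the rows above.

```python
"""Summarise 'Suspicious use of AdjustPrivilegeToken' rows per process.

Added example for this report, not sandbox output. AdjustTokenPrivileges can
only enable privileges the token already holds, so a row here records a
request, not a grant; the summary shows which process asked for what.
"""
import re
from collections import Counter, defaultdict

TOKEN_RE = re.compile(r"^Token: (?P<priv>Se\w+Privilege) N/A (?P<process>.+?) N/A$")

# Privileges that, when genuinely held, let a process step outside its own
# security boundary (debug or impersonate other processes, load drivers,
# forge tokens, bypass ACLs). Author's list, not from the report.
HIGH_IMPACT = frozenset({
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege",
})

# Constructed sample: a subset of the rows in the table above.
SAMPLE = r"""
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
""".strip().splitlines()


def summarize_privileges(lines):
    """Map each process image to the privileges it requested.

    Returns {process: {"events": rows seen, "distinct": distinct privileges,
    "high_impact": sorted privileges from HIGH_IMPACT that were requested}}.
    """
    requested = defaultdict(set)
    events = Counter()
    for line in lines:
        m = TOKEN_RE.match(line.strip())
        if not m:
            continue
        requested[m["process"]].add(m["priv"])
        events[m["process"]] += 1
    return {
        proc: {
            "events": events[proc],
            "distinct": len(privs),
            "high_impact": sorted(privs & HIGH_IMPACT),
        }
        for proc, privs in requested.items()
    }


if __name__ == "__main__":
    for proc, info in summarize_privileges(SAMPLE).items():
        print(f"{proc}\n  {info['events']} rows, {info['distinct']} distinct, "
              f"high-impact: {', '.join(info['high_impact']) or 'none'}")
```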

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2960 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1208 wrote to memory of 324 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1208 wrote to memory of 324 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1208 wrote to memory of 324 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1208 wrote to memory of 324 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1208 wrote to memory of 2936 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1208 wrote to memory of 2936 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1208 wrote to memory of 2936 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1208 wrote to memory of 2936 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
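
Added example, not part of the report: it rebuilds the spawn chain from the rows above. Every row is one WriteProcessMemory call from a parent into a freshly created child (CreateProcess makes several per child, hence the repeats), so deduplicating rows into edges gives the process tree, and a PID that never appears as a child is a root. Two roots come out: the submitted JavaSetup8u401.exe (2112) and msiexec.exe (2912). No row links 2960 to 2912 because the unpacked MSI is handed to the Windows Installer service, which starts msiexec itself, so the chain crosses a service boundary there; the syswow64 MsiExec.exe child (2596, started with -Embedding) is the 32-bit custom-action host, and installer.exe is what it runs. The sample is a subset of the rows above with repeats kept on two edges.

```python
"""Rebuild the process tree from 'Suspicious use of WriteProcessMemory' rows.

Added example for this report, not sandbox output. Rows are collapsed to
parent->child edges with a write count; PIDs never seen as a child are roots.
"""
import re
from collections import Counter, defaultdict

# "PID <p> wrote to memory of <c> N/A <parent image> <child image>"; the
# images may contain spaces, but each starts with a drive letter.
ROW_RE = re.compile(
    r"^PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) N/A "
    r"(?P<parent_img>.+?) (?P<child_img>[A-Za-z]:\\.+)$"
)

# Constructed sample: a subset of the rows above, repeats kept for two edges.
SAMPLE = r"""
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2112 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe
PID 2960 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2960 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 2912 wrote to memory of 2596 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 2912 wrote to memory of 1208 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1208 wrote to memory of 324 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1208 wrote to memory of 2936 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 2936 wrote to memory of 2928 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
""".strip().splitlines()


def build_tree(lines):
    """Return (image by pid, children by pid, write count by edge, roots)."""
    image = {}
    children = defaultdict(list)   # parent pid -> child pids, first-seen order
    writes = Counter()             # (parent, child) -> number of rows
    for line in lines:
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        p, c = int(m["parent"]), int(m["child"])
        image.setdefault(p, m["parent_img"])
        image.setdefault(c, m["child_img"])
        if (p, c) not in writes:
            children[p].append(c)
        writes[(p, c)] += 1
    all_children = {c for cs in children.values() for c in cs}
    roots = sorted(pid for pid in image if pid not in all_children)
    return image, children, writes, roots


def render_tree(image, children, writes, roots):
    """Indented text lines, one per process, with the write count per edge."""
    out = []

    def walk(pid, depth, n_writes):
        tag = f"  ({n_writes} writes)" if n_writes else ""
        out.append("  " * depth + f"{pid} {image[pid]}{tag}")
        for c in children.get(pid, []):
            walk(c, depth + 1, writes[(pid, c)])

    for r in roots:
        walk(r, 0, 0)
    return out


if __name__ == "__main__":
    print("\n".join(render_tree(*build_tree(SAMPLE))))
```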

Processes

C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5753513C5186DFD0279FDC597DE94EE8

C:\Program Files (x86)\Java\jre-1.8\installer.exe

"C:\Program Files (x86)\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F32180401F0}

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre-1.8" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
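
The jp2launcher.exe command line above carries javaws.exe's arguments as base64 blobs: -ma, and -vma, whose value was stripped from this report. This added example (not from the report or from Oracle) decodes them. Each blob is base64 of NUL-separated strings, as the -ma value shows when decoded, and the result is compared against the javaws.exe line above to see what the relaunch added. The -vma placeholder in the sample is constructed; the code treats an undecodable token as missing rather than failing.

```python
"""Decode jp2launcher.exe's base64 argument blobs.

Added example for this report, not sandbox output. javaws.exe re-launches
itself through jp2launcher.exe and hands over its arguments as -ma and -vma,
each a base64 string of NUL-separated values.
"""
import base64
import binascii

# Command lines from the process list above; the -vma blob was stripped from
# the report, so a constructed placeholder stands in for it here.
JP2LAUNCHER_CMDLINE = (
    r'"C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws '
    r'-jre "C:\Program Files (x86)\Java\jre-1.8" -vma <omitted> '
    r'-ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ=='
)
JAVAWS_CMDLINE = (
    r'"C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent'
)


def decode_nul_separated(b64: str):
    """base64 -> list of strings, or None if the token is not valid base64."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    return [part.decode("utf-8", "replace") for part in raw.split(b"\0") if part]


def decode_jp2launcher_args(cmdline: str):
    """Return {flag: decoded list or None} for whichever of -vma/-ma are present."""
    tokens = cmdline.split()          # the blobs contain no whitespace
    decoded = {}
    for flag in ("-vma", "-ma"):
        if flag in tokens:
            i = tokens.index(flag)
            decoded[flag] = (decode_nul_separated(tokens[i + 1])
                             if i + 1 < len(tokens) else None)
    return decoded


def flags_of(cmdline: str):
    """Dash-prefixed arguments of a command line, ignoring the quoted image path."""
    return [t for t in cmdline.split() if t.startswith("-")]


def added_by_relaunch(javaws_cmdline: str, jp2_cmdline: str):
    """Arguments present in the relaunched -ma blob but not on javaws's own line."""
    ma = decode_jp2launcher_args(jp2_cmdline).get("-ma") or []
    return sorted(set(ma) - set(flags_of(javaws_cmdline)))


if __name__ == "__main__":
    print(decode_jp2launcher_args(JP2LAUNCHER_CMDLINE))
    print("added by relaunch:", added_by_relaunch(JAVAWS_CMDLINE, JP2LAUNCHER_CMDLINE))
```

For the -ma value on this page the decoder yields the four javaws.exe flags plus -notWebJava, which javaws.exe appended before relaunching; the same routine applies to any jp2launcher.exe line in a report, which is where a malicious JNLP's real arguments would otherwise hide from a plain-text search.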

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 104.103.251.196:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.84.88.195:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\jds259396262.tmp\JavaSetup8u401.exe

MD5 24ca1c45b2830c06a9bd61e0158d9953
SHA1 d18e796dcf31fc4f8a176f80f4140b7e128718ca
SHA256 0e6c46fc45d9a7a8ddd13f67ee05cde85212c8391a09c917aceb375c26adccdf
SHA512 5171c318fb069f82e14c1a73b4e011e846b1dabab5e8b8cbdb1d830e7a98a5c3af25e2bdb9172e512ba560a04fcb8311e10c3c42e17536fdec345a400d4174d9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3c4f81ec87c9f5846b2fe801bf39eb0e
SHA1 d0d5e9c90c84d0018024d77b75dc263c8c3a7615
SHA256 348b512989c820fa42d4ca9d7caf1f6497a6fa55e99626251664e96d9e0a3960
SHA512 a2f1b427bf7246d874268f6274cc6e2745427a552c4e35d6d99257f6065da9b8bc6c5f8dd636550615822f2ba914aee074790888caa3015055a6a870cd5c9631

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 b945d35a94127f151d6e96d1a55fb219
SHA1 89efc567b0181aefe9eb745db6b39e79b4c82869
SHA256 8cad80d752e845a8d425c6d6e2803b68c0b57cd8fadb02a17f3e3fd726ff6a26
SHA512 627cd2e46e9e917105ee31e46dd73ca5efe4279477e42ae307ae9a0491325ec139cd0327fa7c0321ef19da35b49fc12f4884a64cf0bf0821388992bbf660b430

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi

MD5 d5d4754429c9f83f30e761ee92641f28
SHA1 f6fc33258fec390c7663cc01f2c9263ea2cce47e
SHA256 ffbf1bca5efd9c715d72ba5a3cb1007e69105fd6c2f1a3d3250fdc43849b19e3
SHA512 212ed8c34eacd4bdaab9ca0c2e88d50b7040e438efa84de8d96fbcb71a5b4c8b82e3e24c52a30233438cbbe25688453a5d4eac4976e13030974b57f0a551d590

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\au.msi

MD5 5bfe9f595889b5afdabb0df406872c77
SHA1 036172b29da2954d26d656d2cd1751651d3344d5
SHA256 b4c90197a191d01fcf4c9d5d63f1f35f810a0bcd96dbedbec5a66976423b8fad
SHA512 111c61cca36f653b78bad4d47811ded43766372833a0130281e55ee5326bd7ac16b778a83904bf3a6d19bf3042ef1c06194896ea8792e8e128ecb7fe309a49cf

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

MD5 3842c46f2fbc7522ef625f1833530804
SHA1 3615c072ad5bdadba5e5e22e75eefaf7def92312
SHA256 17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA512 9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp

MD5 f68b337ab20af8a00436ecdda4371749
SHA1 ae6bbd8f40af11fbb0ce4495e987f434a408a2f5
SHA256 65cbae74ab253db2464c2718ebe035ae6f0123fa35ebe2ff436ac8e601e3583e
SHA512 135c9b51ef6d488bfbcb0010c494f7ab8e61cea6deeb001d3a2adce224ce3459dc45fcfaa434c681c0f00869545eec681d6e7910002dbf2d582ca183ac5476bf

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi

MD5 63ba7eada7797aac6cabf9da37b27e31
SHA1 8ebd1e69c233ecf6206b83173ae8d93c8c1935ac
SHA256 240cdd9c494131d216ab1d11921298413c434d45a2c169618cd95d5d5f230dad
SHA512 251c405e1604d1baa0cf78edabcf6a066fbde7b5967637c6b211fc43661303d3bc3b94c28d4f93f315cefd3c9eb3da08fbd38a4b6cdf465d31fd7fffcaa0a7d7

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp

MD5 b51f0e00564a2051021090697358725a
SHA1 3a4ea0ab07d8982d22d0cc0f7eaf871e4a1edbc8
SHA256 68650b44efb47e53d037dbf076df3c21c77fa32f5eb9c870d262a3b3d5ac1ef9
SHA512 e35ee732c843c9d5abc42b9ae02b5c3202202044dbdce06463e97fec8fc7097eb1fb2338f2e2ec112197cb0dcfb2424d24c2aceaaab9f0c28643edf369293ea1

C:\Users\Admin\AppData\Local\Temp\Cab6FC5.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar6FF7.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD

MD5 0c6e49ebae23076f4b06051c07937011
SHA1 fc33cc03c920a1b12b5160e3e573db0ead661c75
SHA256 0de2b040d3645fea1711e7620722e511f3394b600b11a562c7b31dbc8f168bf0
SHA512 2e22995bbb2588cae936a0481d76dc6939fc63141e8e9ae3ac5d3d61af1d9a5bfdd48577fda9c29b6e435bf1a379be528c2be5be06762c18287d5601689360b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD

MD5 fc3ded1def954f34504eaa5221359d4f
SHA1 488e94b9e44ed0a04ec7cb85815e61f7700f7d7c
SHA256 55cfe802e85f844635c77aec20cfabc18662bf012f330f05566260ddb9d9abbc
SHA512 981500eaa0b01e2d66efe74de289a965a8e4efb305bad4c32fecfdbc482881c4d814805e3f911f894370240d8f8321717a94a1d21bfd7f8cda8dc3b6aed23d9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 6b56e0914f853f63c38659a8dac07241
SHA1 3bb9f09d3d77656f4f125778d3bf7a8d60623611
SHA256 f13473d83cabb41acae192909b110319e3c215c500c70369a7c40d4c69e74cbc
SHA512 8737c51a1cfcbc18e6eb1b09d292ea6d3f3bf6865b10b40aa00c3ee93ef4a485eaa79d6f8c83603599cd7b1a472e333dc69eedbaca4963dfc68f7549f085f223

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 d50a203e5eecb3eb8fdba13938602714
SHA1 244304b182626864a052eeac6fb9fc771cafd623
SHA256 95192a6bc31aa27a57a59957f5fcf040e630d4da16e95ba8b25eb62d3fcc5ab3
SHA512 6ed6720b64667717819cf619285b3ae2334a180471e5fac80589f321dddd14cc7c4750a87f4bfe41b4975c3f55e3493acefe4a4e7a7140957da7d5500246376d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 052ac8be83f85537bb414faa963fce2a
SHA1 eab0e5196c91c6bb6ea74fb3de3d4d3be54ac50f
SHA256 a7191139cb80e845ad6a7d29d5723eb379680ba8308a55e4d72a295697c84e9d
SHA512 4103ea85d74dfd4a4d82ca9b418685404e3396d247818b85f13b22a5f83f5bc593ae03eed09d2c39b2a6df6bca1a73399754e5d9d969e0df43ef1ea588a145b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 31b047f3f229c6b64d30b3d5d85fa6f3
SHA1 a39b55b71ce2d4d320c63ba09cc3d90ce4c16011
SHA256 86a620e6cf457816116de27ae6b217f560dd8b1373b6a0177113829881aa58ad
SHA512 5af457e02f2068e2fc7ddb5fddb3c3a16fd8130c63b85935540e0a109591b55007f5583d8213e4c2307028825108800543b719c621121b21befe5cc82c77ab6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 fbebd0871839319f43e5c9b4e1c71640
SHA1 2270f53077bf2980bfb00f32c982b2ee376a095f
SHA256 faa4382addcaefdf9e8c68ea0dbc70e185e6b88df8869478d410ecd213f3c427
SHA512 d47a825fbf913d9d5c254aa38cf35cf5a93ecdd7033b99bc4feb2a0a86b17d317035d18ba4a955aa507a76f1dc1bba4ead44e8155f80296d6e0c496f76fbbdfc

C:\Windows\Installer\MSI75BE.tmp

MD5 8e21251abe795de13e22990264b25187
SHA1 061993009beb9b86548723e1c1dfbe75ec3557bc
SHA256 77a317150fd87826c736d015f9ad2610c6f5c76e955e03002ef349a843cecef3
SHA512 eaae043e22296b00caf8bb38c7a62703bdab611940621fea7e6ef89e981739271762cd50bb4b757f76065bbd76d6c8e09fc9b1a708f4d05f43f63235e9eec017

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 fcef760c9bfb6a9ee88efc7d81f43443
SHA1 9d6f700236048a0f726d291a16960db522d8de58
SHA256 4712f722d3577090f2744bbeb1c94f4522c8e6a9abdb690b766de464d404b5a6
SHA512 6a28993a21290abd68454db5fa2d3470db77d5fdde04b772de3ac05c34d995daff84f8b8a9c35b3cdcdb3e29e1df8955b4e76861a6d0539caa6b203f6aba1595

C:\Windows\Installer\f767229.msi

MD5 e8ab738ef1f060bf1b1bba6df0da52de
SHA1 95f67311ebb98a958c71a5bd6cda1769e943b0c8
SHA256 8589a96331aa06fdf5dc24fd3f7b73520ce521e074c661df5b7f84cb224b1e94
SHA512 7bd813acdf6b9687507be29fee7d998c438d0141934023035288336046bd07dc5edf7b957696f85d190a6ea863c443c377b542a320e4a0931f58c9468dfc3d13

C:\Program Files (x86)\Java\jre-1.8\installer.exe

MD5 305776bbafe105f7ebfaff5eab237a5f
SHA1 87827cf3f4af1352c7910c2ffe94023fa30e8bde
SHA256 50e7021340dc4906fa473fbdccf225bd4aa2044b3f8c1ae2e40819498d47cf7e
SHA512 01fe9e0f8231b148372e7bef8e7bc5e00d5ae406d81fb7cc91812357b0b20ef0f769a37ab98d5ada38514950f6ce15992f9c65e55092712e0b3a95f688da57d5

C:\Windows\Installer\f767229.msi

MD5 59009e528276f5f06c1d7410ea3b2707
SHA1 a20a101f09cc6fd9c9903e77c8b2a01760272b24
SHA256 71e940ebfead826267adad8c16d612979b577b2beb84c534ac72be653e59cd4b
SHA512 1e41377ae5a2447847f56d2f1d1fea3dba141461e04b98403f175899c1298d604dcb1348a49941880882c94f4b26378f05b9d0e680afc9d23fbf685676b14227

C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar

MD5 299059fb69cb796c14a795f5c3605414
SHA1 e39b3743d2571ab284144ecaea2bc174fa9ecd77
SHA256 02a5b97071a294faaa7286803a7d735bd32ca7dfaf805062c2fdbb55f2aee3be
SHA512 80177b4c28b6c816cb27f2e86a07c0b9a662bd92119a2413033c43ae1e41337b448872f40e6eeb974b4b415dd7db20cd90f9a342365ecaf061e9b1972c0a2293

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 f0f7f6afa13bf8a1462670dccc558071
SHA1 167685ff104eafcc75891a220f0cdc9c1b5969c9
SHA256 c53b523bc7c17da36c77278c61ad5ed7b05a5b4e5488ae80dd09678d0e60224b
SHA512 79b0e6c0a0b4b321f1d31fde1391be63d3c78b194584285c51d575ee92f7c16f1d24aff6b3903897a6baff4387137c71e8d80034524e8996cb7e9af5bb3a163e

\Program Files (x86)\Java\jre-1.8\bin\java.dll

MD5 b27b6b80c294025d74a3a2601d51022c
SHA1 19f0881e9c1acba57618f8e44c7742bb02d2ce81
SHA256 6d25986ad2337eb1ab87d69015513016b4d07bc3fd72c357c0df770686cd1d98
SHA512 6ff9d2bc8a063a540a02bf8aa498ceb04eb136675475d611b8ca0b065dbbd39b5fd6fb4fb82f251c11d2a3f393d8c4bb76de04cbd92351a0f4d58d8ed88c896a

C:\Program Files (x86)\Java\jre-1.8\bin\ucrtbase.DLL

MD5 126fb99e7037b6a56a14d701fd27178b
SHA1 0969f27c4a0d8270c34edb342510de4f388752cd
SHA256 10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa
SHA512 d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 047c779f39ebb4f57020cd5b6fb2d083
SHA1 440077fc83d1c756fe24f9fb5eae67c5e4abd709
SHA256 078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc
SHA512 95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

\Program Files (x86)\Java\jre-1.8\bin\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 3979437d6817cdf82da474c8a1eefb0d
SHA1 5e96fe40993acbc7c2e9a104d51a728950ad872e
SHA256 3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10
SHA512 4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll

MD5 8b644baae269e2516afceb3ffb167ca8
SHA1 cb6712b88bd8fe8318afe79acabbbb573f99a949
SHA256 ced61209193fb4347a5e36b160b635efcbee47be35effd1340d77e469d04c2fd
SHA512 bf370fa1490ef42d29e4faaaafd4c2b1ada1d52aadbbe189b08c0d5b3226252a6263379a3dccee9976fcaba1d3f5c4354725d23cea5f354456a80bc0979602c4

C:\Program Files (x86)\Java\jre-1.8\lib\i386\jvm.cfg

MD5 9aef14a90600cd453c4e472ba83c441f
SHA1 10c53c9fe9970d41a84cb45c883ea6c386482199
SHA256 9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1
SHA512 481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

MD5 068c7ef03cec255b4e879775c3756e6d
SHA1 e5651b9f2b1f392e39d5352578e15bb35a9dc39f
SHA256 fc9471d147617096169a554bc57b8453f31ef29a365754f73440174d6a668e44
SHA512 2613fc77407b7fe36945502ab09287f26968b59a56c64446f3cd793d8ddef736388e8708ee4fd4cc285dd6946ae8394033b52f6cbf39b08d24e5d9aa2c6a1d42

memory/324-818-0x0000000002800000-0x0000000004800000-memory.dmp

memory/324-823-0x00000000001D0000-0x00000000001D1000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 64a340bbad2f9ce90f8ab2fdb2ef62fa
SHA1 4681841549531121667fba84f2bf59d59f4803bc
SHA256 8238413052fc85c62f25bfb01e14a18b43d93dc1dd269c95538e209c22fb795d
SHA512 1c5a1e101287569db207dcfbfd5a0d479aba7fc7e0c03647fcc80249480972340cbf0c059ccdf889d2c1402117639a1b265bd1650d3228fdd96c963739510e89

memory/2928-992-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-994-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1002-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1013-0x0000000000180000-0x0000000000181000-memory.dmp

memory/2928-1014-0x0000000000180000-0x0000000000181000-memory.dmp

memory/2928-1015-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1018-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1019-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1023-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1025-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1026-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1027-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1028-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1029-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1030-0x00000000029D0000-0x00000000049D0000-memory.dmp

memory/2928-1031-0x00000000029D0000-0x00000000049D0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-23 21:39

Reported

2024-03-23 21:42

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\Local\Temp\jds240596187.tmp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\jds240596187.tmp\JavaSetup8u401.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 53.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 195.88.84.104.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 javadl.oracle.com udp
GB 104.103.251.196:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 196.251.103.104.in-addr.arpa udp
US 8.8.8.8:53 84.232.44.23.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 57a336b5a5470061a17f84e9e008f526
SHA1 7843e83b9d0db63e80e22916737d386d80454f0d
SHA256 a38a26d643d9b0fde5cca689fe101ddfba14a23443390d323e133b044f22f430
SHA512 20c752482b5645732ada30360d73f4afc9afe8aff6cc23ecc363f2e192c9266f5b082b8559efd63151a35e305928dfe80adf7ac1687794483cf736c4bdad5eb1

C:\Users\Admin\AppData\Local\Temp\jds240596187.tmp\JavaSetup8u401.exe

MD5 24ca1c45b2830c06a9bd61e0158d9953
SHA1 d18e796dcf31fc4f8a176f80f4140b7e128718ca
SHA256 0e6c46fc45d9a7a8ddd13f67ee05cde85212c8391a09c917aceb375c26adccdf
SHA512 5171c318fb069f82e14c1a73b4e011e846b1dabab5e8b8cbdb1d830e7a98a5c3af25e2bdb9172e512ba560a04fcb8311e10c3c42e17536fdec345a400d4174d9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 01aa0948405cb509b1c5fbb4f09c4f19
SHA1 d47d8e29f6ca85d4b1651b9029a3c48c75437224
SHA256 520a2f0c3aae82816a7b22644e683062359a19b47c90a38bffee6369af08b9d7
SHA512 4bcd3b4fedac95af54d2a71131af6cb36cfdce85de31e96da0e19416ffbb01634c1d381506f736fca49b68a5678273715481a6ec236453365459920cb4ba8064