Malware Analysis Report

2025-01-18 21:19

Sample ID 240323-qeskesah81
Target tlauncher-2_28_beta.exe
SHA256 d0a5601f97b620dd9cf67c7e81016e85df127d7527c0dcd5cafb5ef2c4af0268
Tags adware persistence stealer upx
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d0a5601f97b620dd9cf67c7e81016e85df127d7527c0dcd5cafb5ef2c4af0268

Threat Level: Likely malicious

The file tlauncher-2_28_beta.exe was found to be: Likely malicious.

Malicious Activity Summary

adware persistence stealer upx

Downloads MZ/PE file

Registers COM server for autorun

Loads dropped DLL

UPX packed file

Executes dropped EXE

Installs/modifies Browser Helper Object

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer Phishing Filter

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-23 13:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-23 13:10

Reported

2024-03-23 13:14

Platform

win7-20240221-en

Max time kernel

119s

Max time network

148s

Command Line

C:\Users\Admin\AppData\Local\Temp\tlauncher-2_28_beta.exe del "C:/"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Registers COM server for autorun

persistence

UPX packed file

upx

Enumerates connected drives

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f7692b3.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7692ae.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7692ae.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7692b1.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9455.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 705498bc237dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509112cb237dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000312de8b6fbab63d2374bc1b9d10553b2cae2cc9c81595a2b4a4d5b77ba5d304e000000000e80000000020000200000008791fbe1418f49294d37bf4fb4426b93ae70130ca6f16dccabf37dced09315d220000000d9107b40f59115df3ead5ca3b7bc7ecc91307cca73d9707b3006b19b0a6fa7a9400000004019a1b8f787fe77eb1604c87af7e4162e0e7538cc61e806faf4f11a5fedd73e74ea8c82c007291775bef4dd11305d4aca5b3da96225bbd01e25e5343cc6094b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F1F9C3B1-E916-11EE-A3B3-6A83D32C515E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003d000000900300001d020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_94" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_33" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_42" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0072-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_40" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0079-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0029-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0022-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0020-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_93" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_83" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 808 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\tlauncher-2_28_beta.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1988 wrote to memory of 2592 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1988 wrote to memory of 2476 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe
PID 1400 wrote to memory of 1860 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_51\installer.exe
PID 1860 wrote to memory of 3040 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
PID 1860 wrote to memory of 1176 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 2420 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 856 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 600 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 640 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 412 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 1708 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 2960 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 1860 wrote to memory of 3000 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
PID 1860 wrote to memory of 2396 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
PID 2396 wrote to memory of 1700 N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
PID 2396 wrote to memory of 2188 N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\tlauncher-2_28_beta.exe

C:\Users\Admin\AppData\Local\Temp\tlauncher-2_28_beta.exe del "C:/"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

Network


Files
