Analysis Overview
score
7/10
SHA256
26c76cf5ce5f7b1968d31782afe50a56275eee121497a798a39e18910864b07b
Threat Level: Shows suspicious behavior
The file jre-10.0.2_windows-x64_bin.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Registers COM server for autorun
Loads dropped DLL
Enumerates connected drives
Installs/modifies Browser Helper Object
Blocklisted process makes network request
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-07 21:39
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 21:39
Reported
2024-06-03 19:23
Platform
win7-20240221-en
Max time kernel
121s
Max time network
132s
Command Line
"C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe"
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| N/A | N/A | C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\bspatch.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0052-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0154-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0178-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0049-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0149-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0111-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0191-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0110-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0172-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0129-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0160-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0068-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0116-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0096-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0144-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0154-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0107-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0117-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0144-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0113-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0149-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0101-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0117-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0100-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0155-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0132-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0124-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-crt-utility-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\tnameserv.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.security.auth\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\classlist | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259500331\java.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\glass.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\fonts\LucidaBrightDemiBold.ttf | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-processthreads-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-crt-convert-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.deploy\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.internal.le\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.jsobject\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\server\Xusage.txt | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\deploy.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.xml\xerces.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.management.jfr\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\eula.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\j2pcsc.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.javaws\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.naming.dns\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\jweblauncher.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\javaws.jar | C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.crypto.cryptoki\pkcs11wrapper.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.deploy.controlpanel\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\deploy\messages_ja.properties | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\fontconfig.properties.src | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\fonts\LucidaBrightDemiItalic.ttf | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\security\cacerts | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-file-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.zipfs\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\rmid.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.base\public_suffix.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.desktop\giflib.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\appletviewer.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\glib-lite.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\jabswitch.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\vcruntime140.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.rmi\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\msvcp120.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.plugin\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.transaction\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.snmp\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\management_agent.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\jaccesswalker.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.xml\jcup.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.internal.le\jline.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\javafx-swt.jar | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\psfont.properties.ja | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\javaw.exe | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.se.ee\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\javafx.web\libxml2.md | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\jdk.sctp\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\jdk.javaws.jar | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.scripting\LICENSE | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\legal\java.se\COPYRIGHT | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\plugin2\msvcp120.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-debug-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\conf\security\policy\limited\default_US_export.policy | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\lib\fonts\LucidaBrightRegular.ttf | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npdeployJava1.dll | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\f7700fa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2544.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI27A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDF43.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE53F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770103.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7700fd.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770100.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE678.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7700ff.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770100.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770103.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7700fa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1FA8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI25F0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI26DB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID7B6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7700fd.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE414.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770105.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72601EDF-E030-4682-B548-27F69B93BDA0}\Policy = "3" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09C72F5D-AD71-4F38-9E6E-A2BA33D10394}\AppPath = "C:\\Program Files\\Java\\jre-10.0.2\\bin" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09C72F5D-AD71-4F38-9E6E-A2BA33D10394}\Policy = "3" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72601EDF-E030-4682-B548-27F69B93BDA0} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72601EDF-E030-4682-B548-27F69B93BDA0}\AppPath = "C:\\Program Files\\Java\\jre-10.0.2\\bin" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72601EDF-E030-4682-B548-27F69B93BDA0}\AppName = "ssvagent.exe" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09C72F5D-AD71-4F38-9E6E-A2BA33D10394} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-10.0.2\\bin" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09C72F5D-AD71-4F38-9E6E-A2BA33D10394}\AppName = "jweblauncher.exe" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0067-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0117-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_24" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0175-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0102-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_22" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0163-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_163" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0156-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_188" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0161-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_161" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0087-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0181-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0096-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_86" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0051-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_51" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0070-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_32" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_10" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_121" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_166" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0096-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0152-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_16" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0109-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0155-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0170-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0152-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_152" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_61" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0101-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0100-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_100" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0171-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0096-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0187-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0165-ABCDEFFEDCBC} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0163-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_22" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0180-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0106-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0174-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_136" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_81" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0198-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0148-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_71" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0163-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0097-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0122-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0133-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_133" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0057-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0182-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBA} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0172-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_48" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0119-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_119" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-10.0.2\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBB} | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0144-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_144" | C:\Program Files\Java\jre-10.0.2\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0087-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe
"C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe"
C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe
"C:\Users\Admin\AppData\Local\Temp\jds259434732.tmp\jre-10.0.2_windows-x64_bin.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 31A7C40F0E035FA756E9A3B60E21D0F4
C:\Program Files\Java\jre-10.0.2\installer.exe
"C:\Program Files\Java\jre-10.0.2\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-10.0.2\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={EECB2736-D013-5AC5-9917-7656712F6931}
C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\bspatch.exe
C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\bspatch.exe C:\ProgramData\Oracle\Java\installcache_x64\baseimage_2dd5fe71afe7df677ea0edcae758b597.zip C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\jre_image_259472360.zip C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\jre_diff
C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe
"C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe" -r "C:\Program Files\Java\jre-10.0.2\lib/plugin.pack" "C:\Program Files\Java\jre-10.0.2\lib/plugin.jar"
C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe
"C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe" -r "C:\Program Files\Java\jre-10.0.2\lib/javaws.pack" "C:\Program Files\Java\jre-10.0.2\lib/javaws.jar"
C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe
"C:\Program Files\Java\jre-10.0.2\bin\unpack200.exe" -r "C:\Program Files\Java\jre-10.0.2\lib/deploy.pack" "C:\Program Files\Java\jre-10.0.2\lib/deploy.jar"
C:\Program Files\Java\jre-10.0.2\bin\javaw.exe
"C:\Program Files\Java\jre-10.0.2\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe
"C:\Program Files\Java\jre-10.0.2\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre-10.0.2\bin\javaw.exe
"C:\Program Files\Java\jre-10.0.2\bin\javaw.exe" -Djdk.disableLastUsageTracking -m jdk.javaws/com.sun.javaws.registration.RegisterDeploy -fixPermissions
C:\Program Files\Java\jre-10.0.2\bin\javaw.exe
"C:\Program Files\Java\jre-10.0.2\bin\javaw.exe" -Djdk.disableLastUsageTracking --add-exports=java.base/jdk.internal.misc=jdk.deploy -m jdk.javaws/com.sun.javaws.registration.RegisterDeploy -fixShortcuts
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 96475CF3DE71C1AD5CA1B21C4E5702B1 M Global\MSI0000
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre-10.0.2\installer.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding FC29A422E7F11812E9A0812C2005DCE5
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A551333CB2DB0CD4F72FC143861227DC M Global\MSI0000
C:\Program Files\Java\jre-10.0.2\bin\javaw.exe
-Djdk.disableLastUsageTracking -m jdk.javaws/com.sun.javaws.registration.RegisterDeploy -getUserWebJavaStatus
C:\Program Files\Java\jre-10.0.2\bin\javaw.exe
-Djdk.disableLastUsageTracking -m jdk.javaws/com.sun.javaws.registration.RegisterDeploy -getUserPreviousDecisionsExist 30
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.sun.com | udp |
| BE | 23.14.90.91:80 | rps-svcs.sun.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.163:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.156:443 | sjremetrics.java.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 5e01966911d53846e850cd1637e38924 |
| SHA1 | 35ecc365a31691273b7326b467758421244696cb |
| SHA256 | c6d8fc5390af18dc7f39151cd4223ffa08bc6cc3f7b9a94433bd01bba4af49e0 |
| SHA512 | ca03cdf0f455029a32060cc2b1a7ed8f48fe9d07dda96288a1876dd6b78535c7942d9205d579548739faa2b4fad1e8a3eeb713e30232df51496a85e219dbf99e |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 386113afc23ef06542c93ff70151cb87 |
| SHA1 | 7cd1347776f98f43321422360d4e0730942dc507 |
| SHA256 | 115c2aec1b818c339e7773f5ab0615deb4bc5a417d6dc104947dadc087d64c36 |
| SHA512 | c1831ec985b66565e298172252bf0a7d5cab57236b5069e1efefb1ba084478e2ecf8aea2cbab81409eb5aa00a66475f3958126e0b12db42fa78e80710586c7a2 |
memory/2300-147-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab408.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar43A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar643.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Windows\Installer\MSI1FA8.tmp
| MD5 | 1850687430f5458aa3615a51520749f7 |
| SHA1 | 6d51064b3060381daf69530e77bd9b34bb63b61b |
| SHA256 | 6ff503bfc6c5274b6d2caae84ce935a0d269400fedd90587b961ced32eddddda |
| SHA512 | 146b95284887ba6edebb078a9326cf02ce3f44a4d1c93e4fbb56626dce14bf74edd32eaa2b0e89d1bb9bab54cde211a9edd9f2891006b8c4c44a18a307567808 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 46145035e9ff8192c91d4b24d02eba3a |
| SHA1 | fe615b179ed0fa8612b76bca961fac59ae4f2a56 |
| SHA256 | 3ed3362368590409f8e0967a80711b38f8448a7f40037bac6f39ebf511610231 |
| SHA512 | 0f7e8aaf4962d5bd9317e00f7db19632fb2d40f2bdbfda937f47af03b63b5cfb549279a397aed94fa1861f0d9f26ea48f218441f5f0f480b4fbaa5afb1f69f67 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 59716f32209b51a3a7cfc6741612a752 |
| SHA1 | 340ac19f4bc13a1650f14a4dd86a6903ca8dedae |
| SHA256 | 3e734305b0aee47719fb8f84b320bc31a488bae19edff94be0845f17a53f774f |
| SHA512 | e7654113279636a1f895dc11ad89ebfefdfe3bee0b90cb1d8704ca2800030209073443da95e3f5664935d4d2270663a4907291149328ef04376f9e8707c70445 |
C:\ProgramData\Oracle\Java\installcache_x64\259471205.tmp\bspatch.exe
| MD5 | e76d957ac6885bf081878194f44db859 |
| SHA1 | 1ac280ccb177c9179c9af048c40870bbd66545af |
| SHA256 | 6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054 |
| SHA512 | 4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693 |
C:\Program Files\Java\jre-10.0.2\legal\java.desktop\COPYRIGHT
| MD5 | 4586c3797f538d41b7b2e30e8afebbc9 |
| SHA1 | 3419ebac878fa53a9f0ff1617045ddaafb43dce0 |
| SHA256 | 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018 |
| SHA512 | f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3 |
C:\Program Files\Java\jre-10.0.2\legal\java.desktop\LICENSE
| MD5 | 16989bab922811e28b64ac30449a5d05 |
| SHA1 | 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a |
| SHA256 | 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192 |
| SHA512 | 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608 |
\Program Files\Java\jre-10.0.2\bin\unpack200.exe
| MD5 | 4b554a6b583bcc690d3e44bf9dc535ed |
| SHA1 | 5ad936dcc9ab8458723b3ae06ba77f25324c75c4 |
| SHA256 | c2c8046d88e4d90df675a9986db9a339dd85936cbfd8db48541108d2ef6ebbcd |
| SHA512 | 8810d3deba000310e0d161991a50fe520ecbbda5060e67660db9090120bf2b2dc71688f8ee1b799ed0cce3750997799891ad072ef5d6682d5c89aea463824395 |
C:\Program Files\Java\jre-10.0.2\bin\MSVCR120.dll
| MD5 | 9c861c079dd81762b6c54e37597b7712 |
| SHA1 | 62cb65a1d79e2c5ada0c7bfc04c18693567c90d0 |
| SHA256 | ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c |
| SHA512 | 3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7 |
C:\Program Files\Java\jre-10.0.2\lib\plugin.pack
| MD5 | d68c892097314a16401abdd0055f532f |
| SHA1 | eed5231fef9198ecadb629e42a086f07f9d663e8 |
| SHA256 | 607612a796ce3ec38d61a82b3f060b136f3decc7ef66f2f3116fc8bd48be2e91 |
| SHA512 | 6b903a4323f99ba94453e2a891050a525ffdbe0101963325611185c3402bac97b79c79168d286611e4304fdc62e1fa24e5c32fde52007d13dbfe2572eb5db5aa |
C:\Program Files\Java\jre-10.0.2\lib\javaws.pack
| MD5 | e621d9c671ee20d2642d87817603c5e6 |
| SHA1 | a6bd4d3208866a213a878fc92a9521a42d4b1f91 |
| SHA256 | 394734aa38987845fc08254c884c75d21d26ab8edf3ae4c48867ebf730b2d1ad |
| SHA512 | 1beee51f702c88c8c6515d57660f9c3eada77486cac572001111ef7a79a6597dfb3ce7cd68a25f2b244cf073781ee4906b39b8d4eb5fcdee0ee1b4cb1fcc7982 |
C:\Program Files\Java\jre-10.0.2\lib\deploy.pack
| MD5 | 7362147e342d000ce467d4154896eec9 |
| SHA1 | ed35cd9c9e32a309c7346893f40e5023236beff3 |
| SHA256 | 47d331d6a584d54efb67142dbebd5ba257d7f804deca5f55701e22955ea8a823 |
| SHA512 | b003ab04cbd2b554a8ba712e58aa591c92eb4350401511d507a3255f3ec223ec2cad51f1364b567e407ca1f3a63b019a583cf8a4b915c91f073bbbe6a52605fe |
\Program Files\Java\jre-10.0.2\bin\javaw.exe
| MD5 | 7c05ed02f40a3499aa718569c40e065c |
| SHA1 | fe4f36fc365f516577795d373763c26dbac6e4b9 |
| SHA256 | 178c95a11e3e4b2bed84a6d660ac69bc11d4f0722ecb03fd0ec740b37eebba8b |
| SHA512 | b46d1ad8f2de2404863f217680bc38939a8f03c378322c5837f36be598077557e058a75198db7b83059ec8419a2f5d26fcb953acad43f5fa93e30a5d21824198 |
\Program Files\Java\jre-10.0.2\bin\java.dll
| MD5 | e9ed37a8939f349d4213551510795e53 |
| SHA1 | 0a2712cfb79a78e0440125411ee1d015a1cba365 |
| SHA256 | bdd6b18560561e9d514cc3c6f6ce630ca1407ffa4f4d68e86e35d93000a6bc51 |
| SHA512 | dfdeeeabae79484e65a587f21e6952b048c4bd7f9556d3d230fdbf7d97c065f20273d25206ad0d4073520c2b1dfc7c90e7c356728b2aad9137d3e036cd6597e9 |
C:\Program Files\Java\jre-10.0.2\lib\jvm.cfg
| MD5 | e8c0e384b66bb391608297b00d52f939 |
| SHA1 | 29848fd719e290e214ea03148b85c36b81c97901 |
| SHA256 | 13e9b24468cc662f8e17b33a5b3f577b5197bba899e9dc4d823ab2b6d71a7ce4 |
| SHA512 | 5fc7096e36b43fbabedba10ad4f6b7d605f78604772fb79b6712faf41f90bb63e2b2a1908a282be8499cd3a911a0b69e6e09685775870b60255c2b2d1ce57408 |
C:\Program Files\Java\jre-10.0.2\bin\server\jvm.dll
| MD5 | dedfc8a105b491c279a9ba8c7e54382a |
| SHA1 | cd07d5f5c9cf77210317e3fbf20fe35d3508a161 |
| SHA256 | 896011ea575dad573b308827e74381aade3b465c7ec8dfc901c9f898697e4411 |
| SHA512 | 681297fa95187758120dd7caab24edd4c28f5af93553140d9edc50c0891cce6f0a3dfa6b83ac7a3ee667a06fbb1dee4525154348aa6714fb608d6a2ae57e76c5 |
\Program Files\Java\jre-10.0.2\bin\msvcp120.dll
| MD5 | 46060c35f697281bc5e7337aee3722b1 |
| SHA1 | d0164c041707f297a73abb9ea854111953e99cf1 |
| SHA256 | 2abf0aab5a3c5ae9424b64e9d19d9d6d4aebc67814d7e92e4927b9798fef2848 |
| SHA512 | 2cf2ed4d45c79a6e6cebfa3d332710a97f5cf0251dc194eec8c54ea0cb85762fd19822610021ccd6a6904e80afae1590a83af1fa45152f28ca56d862a3473f0a |
\Program Files\Java\jre-10.0.2\bin\verify.dll
| MD5 | 16f72cabeeeb822ce02a6e9148172b0e |
| SHA1 | 533fa0e183141ae576f47a4465d7ba8b13fb782a |
| SHA256 | 2b6f7e2d88271feed4c99c829c391272db6fc99ea3f6f0b8e23230e6e33e849c |
| SHA512 | 9693fc9d44c91a2268d2af29ded6ce011ce05526e4b647abe71f28e8dd27127df35a88262cfdcd716babff90a0bfa1e202a0da7fa2c3982f4edc8f0681e6c968 |
\Program Files\Java\jre-10.0.2\bin\jimage.dll
| MD5 | 3ac93ed97356271b9dc96aadfd42ac69 |
| SHA1 | 9117a62bc9747e5109dcc306232741132969e4c9 |
| SHA256 | 4fee27032d65d8ee16bfafb9fc00adeaedef9873f9f6be1f5d46a6f7fa657409 |
| SHA512 | 2b1cae103bd6a29194dd6ff9e79b240696a186711ad317e45ad59d84be43b10d9432f8320ebb248512cf6eabcc3990805a58978191c9ad599ef7df46529f66da |
\Program Files\Java\jre-10.0.2\bin\zip.dll
| MD5 | 93c5f641909f60ddfb05dd18fa1bcf0e |
| SHA1 | acf8d3b093c133fa9580a75238399483cd60b6d0 |
| SHA256 | 280c965ceded6a904a1119ea21f9b8828a33d108ee14668e476bceeaf515f3ca |
| SHA512 | 0ac91c28e1590695d4d1cc4d2a43e5c795edb27539fde196f07861f89fa14ddab204aad0885516234a349c7b9101255bbedcbd6405bf30532222fd0d04feb2c9 |
C:\Program Files\Java\jre-10.0.2\lib\classlist
| MD5 | e693289cd3bc7a08f3f1162da609134c |
| SHA1 | aaeb5c821b0604988517c1a7027133928d5a4ad7 |
| SHA256 | 911476bb2e0b748d09f5f2839dbf4102db51ff45ffd315ef9fc93a271b9a6484 |
| SHA512 | faf50a3b12e5a5c9162b9ca327cc4e691f2449cf7c2698bfdbd778fc0767d9b01dcaedcb383f821ef00cea514b0c1bde9e5565be5c10a5c388692bb775177027 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
| MD5 | f30f63a3fa9d0196069227a1f7ac76a3 |
| SHA1 | 4eb4ee7d0666d2a2144825f03c1d1b0942ca0036 |
| SHA256 | a01980bdbcde178fa5e3f958994eebf701877353a15e1d4fc4b119081a93c78c |
| SHA512 | 157d3a9cb7aa9ec117fb0ea06ea648f5b0d007cc8feec4856b80d47629de84b7760f6dac9e5558fe043a26d68404867b90d0803add416dd67c73555b5bbc46bf |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
| MD5 | e7682c14b2d7544e0a51759dd56234a1 |
| SHA1 | 9acb9ea501be329a63acbb939335ef9e96aa751e |
| SHA256 | 3a698e98e4b19b910730da58ae0ecea089b06e3e57924a96f16d1b40a980fe8a |
| SHA512 | 0ad3595280e7fac2f402c4814d44b2f7520deaed69dc51c040f106509cd6d0847ca44709221603e63b311036002b17bfbab0c0058efbced0da4b2a98a9836fc8 |
\Program Files\Java\jre-10.0.2\bin\javacpl.exe
| MD5 | 14d1fe07a810dafba3e2343a72419661 |
| SHA1 | 991706ee3fff399cf87d0d7acc69d5d043fe0edc |
| SHA256 | fcc6e3df9bafadb0badfc096250606516688dd6adb8481e9fc1daa953bd5d471 |
| SHA512 | cd15f02959531aad6344186724cc6adffbe1271c3af74cecd73729cb2bacecd38c39c742f8e150e556e9b3f6fa17639d727f5ab85c0c20a0752ee951e07003dd |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk
| MD5 | 42734f2565ebd0f1e61dccbe7045f665 |
| SHA1 | d380a19aab99f6cf54a19f5587024509818a2d89 |
| SHA256 | 629cb4f37d95a26476a5a29307cb85680a2a2105abdf3ef455fc415bf337f022 |
| SHA512 | b081bef263c5ebd85a9a6f935a4898d8e35b43299d9a0b356f982f8037d4413c19c3aceb079eeaffd28a2f7fa31561eb1685c2e8c8650288b065f4f023f0be3a |
C:\Program Files\Java\jre-10.0.2\bin\javaws.exe
| MD5 | 2ca2f72d189008a00416b83c638d70f6 |
| SHA1 | af2a825ff2a4fca795fc6119b96598b2b6713147 |
| SHA256 | 08fb99d9a05e2b8342fad819d7fc25ada7cd95574cd405b159d519bf5dd2e8d4 |
| SHA512 | 34cabff03fb27e85192ca40d032b5b6409ed1c20e5dee97012a00bdd4bc8e8a956cd0d07d78c50c16edcba08e9290e401a922448762d5606fc1162cc1f2d1951 |
C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npdeployJava1.dll
| MD5 | 0e74cedcc095d09d1ce51b4270fe0134 |
| SHA1 | 309a4c97488bd32a30e806aad568bb54e337ed51 |
| SHA256 | 4e3b0aac5e88ecd208d92e87ec403ed4c79d438c62cadf17c73f8b55ba23f3c8 |
| SHA512 | ef5b3578abe26f63e621cf0bffcd237e92251112535d41eb0e7c2991df202ad1aaefc7ab53c9de1b380bef1ce3b10f105d21e8218b1b55f07d7e3f1b66139147 |
C:\Config.Msi\f7700fe.rbs
| MD5 | 59eecb3c78c9fb37a766bb67819e11d0 |
| SHA1 | 9635449956246079825fb63b62f371f9bdc1d0b7 |
| SHA256 | e69642fdbaed5c527d92503ea2d18dde471eb6ec89220aed6bf12e31bced2090 |
| SHA512 | 071c70546c20fb780d0e10cd037cfcbfd19ecfd0d4b24e75e06994da1828440907ad855ca89eb358809735ec22a53fbc488e76a884e660b26aaef255e24d15f5 |
C:\Windows\Installer\f770100.msi
| MD5 | ac7b9ee3740e06fbaf03a5be8cfb317a |
| SHA1 | 84000bded251f9fc61ba61dcf7e11cfbe52c729b |
| SHA256 | 3b1bc9804ff6bf7e3c598526eac8c62d6bce0346de6624e6d6a2b971e5d5947a |
| SHA512 | d914cfe08d8ab849bb23e75fcf421b33293b934b9a973abf404025a56b88ff392d6da6ff6af4a27fd99822077a3bb0d363d0ade57d80f52e83d070844cb10f10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 174d158452280ee3f3274a5851236eed |
| SHA1 | d034ad17a27b3755c98352cf1d774115e1358781 |
| SHA256 | 70cc87809b2e190b8c4c1dcfd29cb0b1e26e7c6909b07ecbc28f964562509976 |
| SHA512 | b9da5d034e945ca4b602a76f081af4e5895a8ceb83211d68cc2d754edb3e3ba1b2dc9cf1b116e139765517fc5f5a6a89101276e032e81d8c09e00509a3f6cf66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d26660f9bd8d598a2a1a7760b8e5f575 |
| SHA1 | b085a598d13473a3bdd3c7dadb03321e55bdd40a |
| SHA256 | cedcc3194a846476f55641626b0cd829442f73916594319f4c23eb05dea1ef6e |
| SHA512 | c01825b0c43d38a3e51b7a50ecc4c0a54c768b3a762018fb299ff077ecb69f1319995fb89253ea5175cb47f3a3053d4bf064071d45ffaad53877517fdaca4333 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Windows\Installer\MSIE678.tmp
| MD5 | d8c647f1e2afdef62a6988f0baca820f |
| SHA1 | f63816b45cbe49c84489c6090dfd172041fa82c6 |
| SHA256 | cd912f9b52a00cbd45dd75af6d1c7fb547d7f0877f79c49a51c1ef2fe96b1fea |
| SHA512 | f1c06e4412d04f7c62013cc8647e54826225e72f7d5311e093b4945f73baffcb899a94a49189cf146f053d0026e9f6bee6978dcbc0caf98e71a4d765e29b9256 |
C:\Config.Msi\f770104.rbs
| MD5 | 0a352ff6b7d0c6ff2adf6e5fd68e48ad |
| SHA1 | 9d827a0a5abf29c832253a8f85383d02dac260ca |
| SHA256 | 493dacc949b41a085eda7432a70a3a2a9ab77446570b8504ba4e09d9a0e30807 |
| SHA512 | b53e293d031f6f6724edc19a4eb6a6cb57702bc44b20093b9db1bd8eb66ea786d1095301a7e605d25eb14290d4bd0fa93619a161f28fb79e996b42989abc84fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\runtime[1]
| MD5 | b6871e79037226098441b8b3cc81d607 |
| SHA1 | 1d16b4fd7a1746730aa915ba36b3047ba11c7698 |
| SHA256 | 42e0016d21e63d36c987ed0347d07d55cfe4648183a79072a7c75675a18629bb |
| SHA512 | c237f0bc9f4e00a8fa755d4025d9002dc818cff565944f37a41eb4c9b306432a11d017dddd95a3b257ccb5363d8a051514093749fa4cff7412abb0d5818fdcc7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\host[1]
| MD5 | cc8ab7a5af0b3aaf0860365963db68f5 |
| SHA1 | 6c840b0a04b6bdff250b4b107d2468b511b52b14 |
| SHA256 | 396eb5a5dc652dc646fbf5e582dd85561cf24f1a80ee544ba000616dfdf739b1 |
| SHA512 | 734094a97c5e4c40fc39aed74a9a2fbe6fd4131b1e2e1b6fb88ac964d1584478bc89a0789e6aefd3d7395a0412a497a14780e720e55c3b897eaba8690c30f17e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\l10n[1]
| MD5 | 1dc701a5bb8b416b19e746e13da3f000 |
| SHA1 | 3e5e362882f492ac716a5ec2db2a1a8c754801ee |
| SHA256 | 8a98faee6a869c534270e3137e693956e5315fa7da5430a9814c4cbe37918d9e |
| SHA512 | dafa77e4be10ec7273742de973422c9f0659d3892a15d545172bd0f29c71bcfead09b80091d040a0b44b8276586dc2a402cf4cae8c3aab25dae4adaa9b1c5d3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\layout[1]
| MD5 | cc86b13a186fa96dfc6480a8024d2275 |
| SHA1 | d892a7f06dc12a0f2996cc094e0730fe14caf51a |
| SHA256 | fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058 |
| SHA512 | 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\rtutils[1]
| MD5 | c0a4cebb2c15be8262bf11de37606e07 |
| SHA1 | cafc2ccb797df31eecd3ae7abd396567de8e736d |
| SHA256 | 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1 |
| SHA512 | cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\common[1]
| MD5 | f5bb484d82e7842a602337e34d11a8f6 |
| SHA1 | 09ea1dee4b7c969771e97991c8f5826de637716f |
| SHA256 | 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a |
| SHA512 | a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\masthead_left[1]
| MD5 | b663555027df2f807752987f002e52e7 |
| SHA1 | aef83d89f9c712a1cbf6f1cd98869822b73d08a6 |
| SHA256 | 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879 |
| SHA512 | b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\masthead_fill[1]
| MD5 | 91a7b390315635f033459904671c196d |
| SHA1 | b996e96492a01e1b26eb62c17212e19f22b865f3 |
| SHA256 | 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00 |
| SHA512 | b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb |
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
| MD5 | 2b0e6e3fe24606f9c8a44b0e7886789e |
| SHA1 | 082fee626bee724049188899b680382c87394f96 |
| SHA256 | b2a371ecb4546a924041c40c72f9970b39f7231bc83686b21f039a8dd9523347 |
| SHA512 | fb141cbce9153ddaeb49054e42f9bc4dcbc1f4cf22aecec031d78050b106a29353a0a2f85a002a16809dd960164058744d5130e884c6e70d036474164265d970 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 21:39
Reported
2024-06-03 19:26
Platform
win10v2004-20240426-en
Max time kernel
308s
Max time network
252s
Command Line
"C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe"
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1128 wrote to memory of 1192 | N/A | C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe | C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe |
| PID 1128 wrote to memory of 1192 | N/A | C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe | C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe
"C:\Users\Admin\AppData\Local\Temp\jre-10.0.2_windows-x64_bin.exe"
C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe
"C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\bf6916c70a3b45fb95bad2f2d5d94713 /t 2628 /p 1192
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe
"C:\Users\Admin\AppData\Local\Temp\jds240598265.tmp\jre-10.0.2_windows-x64_bin.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7204e2539db344a880ca38997005ba12 /t 1784 /p 2920
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.251.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 5ea1908b717a7a1fb2795cc8f8b29c16 |
| SHA1 | 6bbea93bb424924b24ed03f3350649528bf69feb |
| SHA256 | 4ba793ee2f6f1bc285b84e62a6138ec00308946450be9b3bbb4731a1fe5da845 |
| SHA512 | 226b8071c8b5c006e4e49d36bbf0b47f99021f2208f439dad68653bb335aa22182574d87bb9a78ed5c0d0e490489b4c16ee1a5eb502467040b242e4dc5c7c550 |
memory/3464-82-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-83-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-84-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-94-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-93-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-92-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-91-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-90-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-88-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
memory/3464-89-0x0000029BEC340000-0x0000029BEC341000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | b33e0cf6aa0646e4c90d2c46e7195f80 |
| SHA1 | 916e46ee4edb7273c17529cadd2f243928df7774 |
| SHA256 | 9d4de6c5a76963782e0e607ada0d7ac781d118782f075e293d6582397fe89816 |
| SHA512 | 5c4c749b360d1a637ad393b47ea4c2064e6e2850e587e2d89eeb1be7ef48dedb25f4dffa0f96658d656e8822d348bb005d6b05a70224b868649d1dc925b808d0 |