Analysis Overview
SHA256
0dac8dc377514354055690218d20c710c00359792716f2d4dc10d53397281b67
Threat Level: Likely malicious
The file f0f4590178c4a113403f4443208baab0_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Reads user/profile data of web browsers
Enumerates connected drives
Blocklisted process makes network request
Installs/modifies Browser Helper Object
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-15 11:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-15 11:31
Reported
2024-04-15 11:34
Platform
win7-20240221-en
Max time kernel
120s
Max time network
145s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\javaSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\java.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\java.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\javaw.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsAccessBridge-32.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\javaws.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Java\jre7\patchjre.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\awt.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\javafx-font.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\ext\sunjce_provider.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\MST7MDT | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\instrument.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\deploy\messages_ja.properties | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Winnipeg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Aqtobe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+3 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Honolulu | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Zona\License_uk.rtf | C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Adelaide | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Darwin | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\JAWTAccessBridge-32.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\jfxwebkit.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Boa_Vista | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\COPYRIGHT | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\jqs.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\policytool.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Boise | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Swift_Current | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+6 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Norfolk | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\YST9 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\axbridge.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\management-agent.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Jujuy | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Madeira | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Brisbane | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\charsets.pack | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\jvm.hprof.txt | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Mexico_City | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Yakutsk | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guam | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\kinit.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\deploy\messages_zh_CN.properties | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Chihuahua | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Chita | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Stanley | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Bougainville | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\java_crw_demo.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Fortaleza | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Godthab | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Jakarta | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Athens | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Wallis | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\JavaAccessBridge.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\zip.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\tzmappings | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Santa_Isabel | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Choibalsan | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hovd | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Magadan | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Sydney | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Nauru | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Halifax | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Mazatlan | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Uzhgorod | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Vincennes | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Jamaica | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\London | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Wake | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f76ec33.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ec33.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec36.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec38.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ec36.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF590.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF8AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFC75.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec39.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ec39.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "8506828" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\javaw.exe\IsHostApp | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_67" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_40" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ = "Java Plug-in 10.80.2" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell\Open\ = "&Launch" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_66" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_03" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_21" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_31" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_60" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_18" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_71" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0079-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_82" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\javaSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\javaSetup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe" /asService
C:\Windows\SysWOW64\cscript.exe
cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B63C7DE9386E17DE27A581120351425A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B1D0D959D0D4DF2991F8ADBA00DB27E9 M Global\MSI0000
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump
C:\Program Files (x86)\Java\jre7\bin\javaws.exe
"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\AU\au.msi" ALLUSERS=1 /qn
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A3EAC11B24007FE122034DDBCAED0E31
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_80-b15
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" ru.megamakc.core.JavaVer
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i2.x8.net | udp |
| US | 8.8.8.8:53 | zona.ru | udp |
| RU | 178.218.223.40:80 | i2.x8.net | tcp |
| NL | 5.35.172.6:80 | zona.ru | tcp |
| US | 8.8.8.8:53 | w1.zona.pub | udp |
| NL | 5.35.170.40:443 | w1.zona.pub | tcp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl.zona.ru | udp |
| RU | 46.254.16.107:80 | dl.zona.ru | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | rps-svcs.sun.com | udp |
| BE | 23.14.90.97:80 | rps-svcs.sun.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NO | 104.110.22.225:80 | javadl.oracle.com | tcp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.156:443 | sjremetrics.java.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Zona\init.xml
| MD5 | 508525d6e4da0acd0af1578e36f3e882 |
| SHA1 | 524df4ffb205cc7e32e3f3ecfad361d23cf074cb |
| SHA256 | 8fb7f52bce88163b210a71056540eb8fd5eb98695f7eb54966c78d9a676edb2d |
| SHA512 | 6be92f570d78d317df84f90b8aa8a1a2ad5df717848f9acc6d1567d054d86fb5e143f62a0adf0fd0c57df8d1569f282a8a1094a3eab66f6d02dd457ffd99b3ac |
C:\Users\Admin\AppData\Local\Temp\hd.vbs
| MD5 | d8682d715a652f994dca50509fd09669 |
| SHA1 | bb03cf242964028b5d9183812ed8b04de9d55c6e |
| SHA256 | 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba |
| SHA512 | eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 57f4331662dd8f7b3a76af1f1aa943a9 |
| SHA1 | 38be9b92e3b6515198f5c537088939698342e565 |
| SHA256 | 420bc7c8178f0ccf0d80ddcba63a777d03ff23737afd3a9984354bf52dc24a7b |
| SHA512 | 2fd0ad356e7d0b4691bb66ec5092582812eec38e56c917ad8335d7a634393c4b652c618ac4a25376b20717d73acfb943cda341f3baa78e630cd0721f54b9a5de |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 019edf4da2a99a98a53e61431dc4b7f3 |
| SHA1 | 50d6e4e8e124ff102c033fa5ff9564d389729db3 |
| SHA256 | c818129d6a4356173a1d676306604acd804f8381dee4759db6f3ea81f67e74fd |
| SHA512 | f3cf1588cf5be60db3b57362625dc654749f53dda4b5c07a718adbaf7a88148bce42b87db054bed790da80f3e596b901fe8708267cad9a277a9c2a751ee44c09 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 413da4a08629aca44811cd33087a3408 |
| SHA1 | 3053935912a58c64c8efa1eec46f1adf027546f4 |
| SHA256 | 396a489ffc77f8bf0eeb01fabc76ba790ce88f3355709dc07c515fc151dc1984 |
| SHA512 | fc0cd601f06b19f893d5a754dfcd660a14d26af15262e387a1c85daa2c36d364f61e42f01cb519dd7cc34f8fbb97dbf87b2cd6d4ab07ae69e90160adb3e74d1a |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 9476dadbb61a673ddd5897493a97cd81 |
| SHA1 | c8c9588a123bf0f1ecf881fa8adb91aa24e867e6 |
| SHA256 | 715977f0b347eeb46c05f10d62c07919d1e3e4d41cf3a04c705b026ef439f9fc |
| SHA512 | 9e9f307485e24c9a20fcbc36f0775a4e4e5d836b1136bceea1951a307376fd84be36a27be696004b513071bd4ac46c916bc087724a924b4bc3642b1041289ade |
C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
| MD5 | f2fd417b6d5c7ffc501c7632cc811c3e |
| SHA1 | 305c1493fca53ab63ba1686c9afdfb65142e59d3 |
| SHA256 | a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9 |
| SHA512 | 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2b41806d9be5c8ac8f28227a0720c84 |
| SHA1 | 068672d0cc2278ad29a414a7712bd8b1adf4a4d0 |
| SHA256 | 6297ab9e7bf06afeb64d85de887f000ad2250023f7977fc7dc38a32c8c3914fb |
| SHA512 | 7fe0d301ceb28b8f73f6534b980e58a88c5dd0297dbf0967ad71b4787f8a6107e84a06fe25e9e10c98dd1c02dcf068bacaa1bb3c7d9fc8906e0949f1beb97b1f |
C:\Users\Admin\AppData\Local\Temp\CabDF96.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi
| MD5 | e24d9b483ce7a3a6a4406111883457f7 |
| SHA1 | 0d5efff0d110c48f5e6f5d438967427f1e2dbf84 |
| SHA256 | dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c |
| SHA512 | b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398 |
C:\Users\Admin\AppData\Local\Temp\TarEE27.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1916d949ef394b0a54187cf759ea0c25 |
| SHA1 | 90c5ce9ff4e15b9f9ca2ff18dc729abf89551233 |
| SHA256 | 2523e5dd1c24ff0f8cb9a9a7187fd4a0cbc4d545c93133400fb7a645aa913ac8 |
| SHA512 | 7814dbe0c3925a3256a4a7055f7d0e69979d2e16a04900bd07896616b08a7c05bf5144a724ba967a996f53b7c0fe194b1986448dac572d39107854040e189532 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarF08D.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Windows\Installer\MSIF590.tmp
| MD5 | 9f84d910602183954bed6d9660600783 |
| SHA1 | 82e3b122dc63e0a333bca531dd16667d5fafbf23 |
| SHA256 | bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e |
| SHA512 | 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 6ac3d4eddf72259449ad8a7eba6b0c55 |
| SHA1 | 970e23f55ceeeb5f075999dde923cbb153a84862 |
| SHA256 | 193790aa2b694adf85d2160bcc93e2149eb0897ae429aa027aa49fa5dfd35803 |
| SHA512 | 6b6dd61973568a977d7fd122d94003f28b19bbbf3aa2c76bd2038e472a6aba1be6ae6676804f1b5e7611ceb380ea373e32919d5d873dd41f8049a564368c2d0a |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab
| MD5 | 003a488a2139105704566b47eb29520d |
| SHA1 | 52d672a592cd52ad5e2e7239421f2659e0d17afa |
| SHA256 | a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67 |
| SHA512 | ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de |
C:\Program Files (x86)\Java\jre7\core.zip
| MD5 | 84ca7053c19a77354a440583a89b6bde |
| SHA1 | c64fbc5986c9c2b3e3ef49dbdd2c0c02f7be4742 |
| SHA256 | 2f04931188f5a292cb2ae041db0b0ef3f603b2d4d58634d18353a682b58c6869 |
| SHA512 | 0722beffe0423d28bc7ab56477f31fbdd4e0ef2e2640e229704907c33c1d2e2406f301a24ba4f2e3d7aed4b229d3b031bb752bf2f258147a54f7ae43453115d1 |
\Program Files (x86)\Java\jre7\bin\unpack200.exe
| MD5 | 0d46182b6134aa9c7acd16133d67e4c3 |
| SHA1 | 7b5be3d65e5e744723bf55a08f9dc1042585d5eb |
| SHA256 | c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc |
| SHA512 | 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b |
C:\Program Files (x86)\Java\jre7\bin\MSVCR100.dll
| MD5 | bf38660a9125935658cfa3e53fdc7d65 |
| SHA1 | 0b51fb415ec89848f339f8989d323bea722bfd70 |
| SHA256 | 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa |
| SHA512 | 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1 |
C:\Program Files (x86)\Java\jre7\lib\rt.pack
| MD5 | b6d75e8c90c79af1579769f10b1e5c88 |
| SHA1 | 146cb3f05fa161885e8faf079fa2bbd89b5c5b18 |
| SHA256 | 82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e |
| SHA512 | 02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 6a86e8d216a77baa9084e18e231204a6 |
| SHA1 | 6c1e488a58c0776519fb5eb4161d0f929aecb188 |
| SHA256 | 49c96e06d4d875bd04d6dba41567347e0ca43f712b54dfcb240bbf8da12506d3 |
| SHA512 | 6c4dddca4bcad858ff042a9f15da6226cf8c4a7c84215a1cba8b6625ef192d74451fb11a9ceb6c5a6450b71fec24c69d404505717c008c9009ca8e0a8a57c37e |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 5da1b3686b8239c4278b11288b0b441d |
| SHA1 | fde3ebc5be1347693b9a66877f78d40929383ff8 |
| SHA256 | c2e1e432f32ceaef9be282ed1216275604f03a9fc514781161eaa89c32046f56 |
| SHA512 | a5a118bc340169f36c7b69a1d5e20b23be6132be6926664d67839357c40ac7a9337014a9aa570b72f3f3ce816a3b003915516effb764ac00f3959a75a9d05b1d |
C:\Users\Admin\AppData\Local\Temp\java_install_reg.log
| MD5 | b8fb107bd13db98220f268c8934f9966 |
| SHA1 | 9ae449edd077dbe9fc765619a318359a03284b18 |
| SHA256 | 54319cb0aa82dc67dffada8af6e5fdb235b0c27575f4c7ddfe7a6f834243d3eb |
| SHA512 | af996421da8f6655c62693db73770777b981334e368c0a288b8e7ba5dc20577adc7605336cb0a1d65ae41f0e4cae09e572ccf657c9c35aed679b0ccf17e1941d |
C:\Program Files (x86)\Java\jre7\lib\charsets.pack
| MD5 | 549bbcd204914b543dafee670f110834 |
| SHA1 | 012461935191a55482e8c3d453d245e965a10a2a |
| SHA256 | 8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02 |
| SHA512 | b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | a256804cf7979b72a2e05766cdc6e6a4 |
| SHA1 | 7318c80b4ff40c397a27cd2fce6c157bea503be6 |
| SHA256 | 0ce92642049b8d6cd1925f5697eb4fd699594fc329d590fb482f9430a449c4a5 |
| SHA512 | 8c8fd367f8e990ae1d291b66ae34efd76dc547e53d3e80b334ce00fc05a703c9a4316025426363106f614ecf64567bb98b918ab019ed084ba47e06f634c397f8 |
C:\Program Files (x86)\Java\jre7\lib\deploy.pack
| MD5 | b2a448112b7c886ccce9b6a3d5efd8a0 |
| SHA1 | 660bc9efe960015b208a421b1a63443e7151024f |
| SHA256 | 928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca |
| SHA512 | 871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f |
C:\Program Files (x86)\Java\jre7\lib\javaws.pack
| MD5 | 491bce42c6cd8af88a2e11f37711ed4f |
| SHA1 | 3de7c18fee44465a6afe34e068f2a64dea9fa324 |
| SHA256 | ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2 |
| SHA512 | 1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 95b6db47d83e1c43fe0a6dfa89b6cf4c |
| SHA1 | ce67c5f379dca2775815dba04875bee40dcc8c14 |
| SHA256 | c3fccdfe60a45a816f9389a8ed5678862bb151d10d58d5ed7275a7d0e3714388 |
| SHA512 | 4c9df5f9d618bb0d6827ff187b0f7ba1bc7b17fb34635a84a37353837b5afc6c0c4ff0c913608edb6ec478c540d79084fe2aaa15f45628ab4a53938a223dbbe6 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | b0949b14d1ae9196d12eaccaa0b62107 |
| SHA1 | 4acd9a8d1411037d73667808f243572d2239c436 |
| SHA256 | 295f8c8bb8e6a16f72874ca3bffdf21b7f4050cdab3bdc1bf055f6a86ce3ea95 |
| SHA512 | b25bcaa9dcb3491a98c799d3281fc88988fec2d6a50c2c127c89a5fea789ec657ab3da53ce54b3f1dd40d33c7f415935bc57b101c23b07d7298864c9047cc906 |
C:\Program Files (x86)\Java\jre7\lib\plugin.pack
| MD5 | 47d6cfa1b01a6d41885504bbc3b1919a |
| SHA1 | 3838060f9d530c972d65f36fa38b265120a218aa |
| SHA256 | 93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5 |
| SHA512 | b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135 |
C:\Program Files (x86)\Java\jre7\lib\jsse.pack
| MD5 | 31b4d9c29d29567b0ae3037fac9fbdc6 |
| SHA1 | 8b5d1b1a309177466d71a742414d441f600ea38e |
| SHA256 | 9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb |
| SHA512 | b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 5b2120b15b094ab218e799bfff61dc14 |
| SHA1 | e28431d7b6e4b553a5d1d16ec3b8f97e4c99e3e9 |
| SHA256 | 890825362b7fc3c0d04d28220a0448db13ed45caf20fb07e24cad7cfc89b8af5 |
| SHA512 | 9e7938223631f324d5b7729f0957a9369d864df6d1ef8075419c626b5873e81a39775cb6a2e1a08d8da66b3f444f2eb6699c6b9dee076fdb2a8feacc590eb49b |
C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack
| MD5 | c8dc1cfeaf0fefc39ed0f1de4eaa175c |
| SHA1 | 11cacbb9e5724d37789455de37a225d8e0c648a1 |
| SHA256 | da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f |
| SHA512 | 6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 2b86d39053fc6e56bd766e03b26a52c0 |
| SHA1 | ef3dc18b0959019ac4501feb955921fb0053907f |
| SHA256 | a0c4e58373a32071c13ea9d822f62773b50746a310cd371e425a2156963e0548 |
| SHA512 | b156b87ba767de35d4be1738eebd393fc584c2294f529834f20d63d5179c6b198925c68b94af63243bc667fd5f87792886af2225c1f3d7933e311b75ad1bc173 |
C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack
| MD5 | dfaa6429468d56ef77932cf26a495f75 |
| SHA1 | 8a21a29225640f1829ae328a24ef9cb5e215a4e0 |
| SHA256 | 8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed |
| SHA512 | 6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 4ed82ebeba751d710bd945e7ba413b52 |
| SHA1 | b1ca69fa127d04d977e0a2044696f8536ce9a016 |
| SHA256 | e674997035ddd3fe5ddb701b267525818ada10e3ceb060d52bfc932a9e57e8cf |
| SHA512 | d2134657dc36867eabb0b439a32618f5d61f0387550f0650b565cbf1352bec16f26f180030a31fdf671e897cd80a7a0946c75fc82909c0f9031f045df1f0449f |
\Program Files (x86)\Java\jre7\bin\javaw.exe
| MD5 | 64e2bb67ea740860510dcc5c2b6ffa2d |
| SHA1 | 6c5996358264624cdb4a075acc4f0b46177cd259 |
| SHA256 | 844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b |
| SHA512 | ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462 |
\Program Files (x86)\Java\jre7\bin\jpishare.dll
| MD5 | 4cf2dff54d2e12e3ab637fcafa7d4c9d |
| SHA1 | dcbd0a027b8017ac396741698dfc3b3f4d1b4c39 |
| SHA256 | 8ff2bc130db2f1fef2e6470adb58bcdba1d2133f9ad21ebd7d80fedd3e537e21 |
| SHA512 | a206001ceaed2df91428f1b7094246e4e7318bf4e7b19c475d4887b5eae49714ff7fa3cfab4133004a51280cf36549b73eecc87428b0b38294297545e9493e67 |
\Program Files (x86)\Java\jre7\bin\java.dll
| MD5 | a258a133f7d565600647a248ab95792c |
| SHA1 | 1c6a855ca1fc04413b906b0b17609eff38317161 |
| SHA256 | 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af |
| SHA512 | bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7 |
C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg
| MD5 | 5147cce789cd18ad6b2996eb89e5d866 |
| SHA1 | 756f1fffe96ef581f0d4d47253523544c89a2622 |
| SHA256 | c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88 |
| SHA512 | 55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6 |
C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
| MD5 | 27147e1e3faf9b5ccda882cd96f2a85c |
| SHA1 | 7103f60121727917f812bfc7cdff5347fc17cc8e |
| SHA256 | 500d359211ece211cf672de328345876f016fb4a476b2a03cbc3b8b89023ae1f |
| SHA512 | 0866c604911e243687e7fe721142eb882b19691c902736b59ba304933463d8c9154ecc319b91c9771cee8139e151cc2a2e960bc7a93ed97352cf5232a0964194 |
C:\Program Files (x86)\Java\jre7\bin\verify.dll
| MD5 | cb89b1d71061f5ec52468528ecc0b1fc |
| SHA1 | 6feb23a8b5719c8997de92c7da644807fcba8819 |
| SHA256 | 87d8d59972e73700507c07cee8750b0053c6a0899410338722a00c2803d39ee6 |
| SHA512 | 2ff0ed38c7f28eb7ea16f24a0841dfb3306c4fec48ded5fddec8c3140f1a425433a444fe6b6cc4c17b3a39841c8ab0c23d7c9525c119c1b9d6daac2c17a4e4b0 |
memory/876-908-0x0000000002810000-0x0000000004810000-memory.dmp
memory/876-907-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Program Files (x86)\Java\jre7\bin\javaws.exe
| MD5 | 2b4493bb1f94580c41def972ea9a887e |
| SHA1 | 880ca8b20c6df9a6a176b91cc50304cb0fe66d06 |
| SHA256 | 841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5 |
| SHA512 | b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e |
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
| MD5 | bc3a575dfb1a58d35e8617f2966bf1ea |
| SHA1 | 6353630f62e246d7f462134e8d10a7a42935e20f |
| SHA256 | c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd |
| SHA512 | c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514 |
memory/1976-932-0x000000003A400000-0x000000003A410000-memory.dmp
memory/1976-938-0x0000000002810000-0x0000000004810000-memory.dmp
memory/1976-955-0x0000000000120000-0x0000000000121000-memory.dmp
memory/1976-956-0x0000000002810000-0x0000000004810000-memory.dmp
memory/1976-957-0x0000000002848000-0x0000000002850000-memory.dmp
memory/1976-960-0x0000000002898000-0x00000000028A0000-memory.dmp
memory/1976-962-0x0000000002810000-0x0000000004810000-memory.dmp
memory/1976-961-0x00000000028A0000-0x00000000028A8000-memory.dmp
memory/1976-963-0x0000000002810000-0x0000000004810000-memory.dmp
C:\Config.Msi\f76ec37.rbs
| MD5 | d5a1373e66a6613228314b482954ce06 |
| SHA1 | 7d48f1650ea319f65d5e663377cdff2166d41d2b |
| SHA256 | 1cad28a9d50a986676cb659659972d6697dabe82502d89fb038e8637d453c418 |
| SHA512 | ea2f0fcd3a48770d4b43ed71e93233616edd2b96dfcde8c22f796d91e80ecea0a4ff0d3626fcf5f3a4bf947ee9c546ddc362b32d77438b3d634abee01246cbe0 |
memory/1804-982-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-997-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1010-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1012-0x0000000002570000-0x0000000004570000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 4ac8666d8d91e8399cabb97c4f8d148f |
| SHA1 | 87b3ff2b71d80618c5f6c74575b195f59993fbc6 |
| SHA256 | f77a4c6294a252d20f4d5c7ed614db073b2010635927a8d52eea62f59acbf02d |
| SHA512 | 83370efb21532562f18fbf6603d90fd98803f4d711153a0925a81afede8a53e3c49ca0864e838d3acd4caf3a12e90e5fb60f8b4c71d600845f703df0c26fcb1f |
memory/1804-1031-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1032-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1037-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1038-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1039-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1041-0x0000000000490000-0x000000000049A000-memory.dmp
memory/1804-1044-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1045-0x0000000000490000-0x000000000049A000-memory.dmp
memory/1804-1049-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1048-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1052-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1054-0x0000000002570000-0x0000000004570000-memory.dmp
memory/876-1057-0x0000000002810000-0x0000000004810000-memory.dmp
memory/1804-1059-0x0000000002570000-0x0000000004570000-memory.dmp
memory/1804-1063-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1064-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1804-1069-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1976-1071-0x0000000002810000-0x0000000004810000-memory.dmp
C:\Config.Msi\f76ec3d.rbs
| MD5 | 633527e2a2924e5e71755daf14de7f09 |
| SHA1 | 70943aec4195bbc66904203a8116e139360ebd5f |
| SHA256 | 71e5e6d257d970c412c6334e4fd5e51e396ceb0c9459c685b79b7bf1bcaec0fe |
| SHA512 | 93624c56e011d8c67c953c7168ffe86be72e4909458ab912e354d9f0c09754163b2c5909ceb5b73adf0e06b22d56304086836de9e41e5ba43b47f9e4607a6708 |
C:\Windows\Installer\f76ec39.msi
| MD5 | 55d7e66e49c3994eb5e1004a5efd22b1 |
| SHA1 | aa8a045dc0c161e95804f76efe27f1f572072fa8 |
| SHA256 | 0a833d92b4d4aa068b0cb256b87c0d3495c3cc4a021be86c072095fee467b379 |
| SHA512 | 2492ca442c4f6aab1f085a54bbbc1a95b836f033f1c8748fa6c3873997a397020baedfc1f661d751afe30ade3ab14b66a676a4731696b6c90c5c3adfa6c2bd2b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-15 11:31
Reported
2024-04-15 11:34
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
144s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\javaSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\java.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\java.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\javaw.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsAccessBridge-32.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Zona\License_en.rtf | C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\tzmappings | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\WET | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Auckland | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Norfolk | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Baku | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Brunei | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightRegular.ttf | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+5 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Istanbul | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Edmonton | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Macquarie | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Qatar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Cape_Verde | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Nassau | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Berlin | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Stockholm | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\client\Xusage.txt | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\deploy.pack | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\javaws.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\HST | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Rankin_Inlet | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Swift_Current | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Kaliningrad | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\npoji610.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Campo_Grande | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Tallinn | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tashkent | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Pago_Pago | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\verify.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Noronha | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Pangnirtung | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Pontianak | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Karachi | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+6 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\ext\access-bridge.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Tucuman | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Knox | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\Beulah | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hebron | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Uzhgorod | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\JdbcOdbc.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\deploy\splash.gif | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Sitka | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\CET | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+8 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Reunion | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\java_crw_demo.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\America\Tegucigalpa | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Qyzylorda | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lagos | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\jfr.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\bin\kcms.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\cmm\PYCC.pf | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaSansRegular.ttf | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre7\lib\jfr\default.jfc | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F03217080FF} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5900b2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5900b2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5900b6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI14D8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "50121028" | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_21" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_04" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_06" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_16" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_17" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_03" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_16" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_12" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_20" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_14" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_19" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_07" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_05" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_01" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_07" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_11" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_20" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.0_01" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.0_04" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.jnlp | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell\Open | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF230120708FF\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_12" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\Implemented Categories | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_08" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_18" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\ProgID\ = "JavaWebStart.isInstalled.1.7.0.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF230120708FF\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_08" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\shell | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\wsdetect.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jfrfile | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_02" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Implemented Categories | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\.JAR | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\.JNLP | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jfrfile\ = "Java Flight Recorder File" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus\1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0f4590178c4a113403f4443208baab0_JaffaCakes118.exe" /asService
C:\Windows\SysWOW64\cscript.exe
cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9E33991E8FF5E7B62E3840BD624CD7E0
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4187C758D4BDFEFE01715F00A776D13D E Global\MSI0000
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump
C:\Program Files (x86)\Java\jre7\bin\javaws.exe
"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" ru.megamakc.core.JavaVer
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zona.ru | udp |
| US | 8.8.8.8:53 | i2.x8.net | udp |
| RU | 178.218.223.40:80 | i2.x8.net | tcp |
| NL | 5.35.172.6:80 | zona.ru | tcp |
| US | 8.8.8.8:53 | w1.zona.pub | udp |
| NL | 5.35.170.40:443 | w1.zona.pub | tcp |
| US | 8.8.8.8:53 | 6.172.35.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.170.35.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl.zona.ru | udp |
| RU | 46.254.16.107:80 | dl.zona.ru | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | 107.16.254.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | 196.251.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rps-svcs.sun.com | udp |
| BE | 23.14.90.97:80 | rps-svcs.sun.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NO | 104.110.22.225:80 | javadl.oracle.com | tcp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.22.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.221:443 | sjremetrics.java.com | tcp |
| US | 8.8.8.8:53 | 221.152.235.66.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Zona\init.xml
| MD5 | 508525d6e4da0acd0af1578e36f3e882 |
| SHA1 | 524df4ffb205cc7e32e3f3ecfad361d23cf074cb |
| SHA256 | 8fb7f52bce88163b210a71056540eb8fd5eb98695f7eb54966c78d9a676edb2d |
| SHA512 | 6be92f570d78d317df84f90b8aa8a1a2ad5df717848f9acc6d1567d054d86fb5e143f62a0adf0fd0c57df8d1569f282a8a1094a3eab66f6d02dd457ffd99b3ac |
C:\Users\Admin\AppData\Local\Temp\hd.vbs
| MD5 | d8682d715a652f994dca50509fd09669 |
| SHA1 | bb03cf242964028b5d9183812ed8b04de9d55c6e |
| SHA256 | 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba |
| SHA512 | eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 4e1ced93e1350d468409e6360abef5ba |
| SHA1 | 0a05afd17178e7dcc1728d998f6fbaf334c88eb2 |
| SHA256 | ea89b41e16106f4f64a748195932c69e550fe93740f30213bbfacfcea8ac068c |
| SHA512 | 13a8e8126cd5b8792f4d26c4bb22b49fba57de5ed542bba10745c0d5b3970be2b036c2776231ae8bcec287bf3738e630ab99e85fcf9e2cd9222429c902733b83 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 89ca9ac882c95eed1e4b637b53caecc0 |
| SHA1 | 166c90850b8a25a458fe3f976805994b90672e80 |
| SHA256 | a2606bc9bd427692b0a3b48e893d65f72fb5c88cadc1c8608573fd226a443842 |
| SHA512 | 42c82d3878addd112b4e6dbe66c6fad52e711c639b3986d20285b88ecf646b79b638a8a35582d45e66f963be1ca4819d919f81ff3b5f25b6aeba84b6790b7788 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 34d6e10c650146e203d106dc337b3c0c |
| SHA1 | 5439854cf9e5f34b10d6c696c6c512cd917b8fdb |
| SHA256 | 5ac7d796252668677ca7d0394e460c5166cede30038db766818aa075e135271c |
| SHA512 | 5062eb8a3f0d412adc4055eee7ea99cd272e6945b061381597b78c6010a7b65fc24b2ee882b34520bc7455cd8fbf3eaddd11ecdeebf07110ae2887571864cf72 |
C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
| MD5 | f2fd417b6d5c7ffc501c7632cc811c3e |
| SHA1 | 305c1493fca53ab63ba1686c9afdfb65142e59d3 |
| SHA256 | a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9 |
| SHA512 | 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi
| MD5 | e24d9b483ce7a3a6a4406111883457f7 |
| SHA1 | 0d5efff0d110c48f5e6f5d438967427f1e2dbf84 |
| SHA256 | dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c |
| SHA512 | b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398 |
C:\Windows\Installer\MSI7A7.tmp
| MD5 | 9f84d910602183954bed6d9660600783 |
| SHA1 | 82e3b122dc63e0a333bca531dd16667d5fafbf23 |
| SHA256 | bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e |
| SHA512 | 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 41306a4b6e78cd3cda434f992c2f07a5 |
| SHA1 | 03d5a13df9318733a5f7f2d77c4190b3c13d935d |
| SHA256 | 8e0abba449c99809c0785d133eff3f4ddc48fa613cc27ea3042fc09dab306fcb |
| SHA512 | d438b5ac2865e66e8e8bdfa521aafe4220f50fccf47bde134708f336891529756e1f26dcd21a982a4f5932ba630ce806a78b23478c4cc368624003613e73ccfd |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab
| MD5 | 003a488a2139105704566b47eb29520d |
| SHA1 | 52d672a592cd52ad5e2e7239421f2659e0d17afa |
| SHA256 | a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67 |
| SHA512 | ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de |
C:\Program Files (x86)\Java\jre7\core.zip
| MD5 | 84ca7053c19a77354a440583a89b6bde |
| SHA1 | c64fbc5986c9c2b3e3ef49dbdd2c0c02f7be4742 |
| SHA256 | 2f04931188f5a292cb2ae041db0b0ef3f603b2d4d58634d18353a682b58c6869 |
| SHA512 | 0722beffe0423d28bc7ab56477f31fbdd4e0ef2e2640e229704907c33c1d2e2406f301a24ba4f2e3d7aed4b229d3b031bb752bf2f258147a54f7ae43453115d1 |
C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
| MD5 | 0d46182b6134aa9c7acd16133d67e4c3 |
| SHA1 | 7b5be3d65e5e744723bf55a08f9dc1042585d5eb |
| SHA256 | c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc |
| SHA512 | 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 525bf7f5b63ffd5e86fa3aee92551c21 |
| SHA1 | bf3cd939fe57f5076afbd231cb5b1b0ea03ba5d0 |
| SHA256 | e0e88bda4bcbbcfadb1009060372744f8b3f3628ae29b1d310a99255ec76aa7a |
| SHA512 | 825d048f8a3eb7ec88bda27eaf34b5c05a9545a12d48d29fc264aeae571fb2b4aa2957cd1b5459d53dc5d18b7968760d47136a6ec099c5612c3a7ab677b24d73 |
C:\Program Files (x86)\Java\jre7\lib\rt.pack
| MD5 | b6d75e8c90c79af1579769f10b1e5c88 |
| SHA1 | 146cb3f05fa161885e8faf079fa2bbd89b5c5b18 |
| SHA256 | 82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e |
| SHA512 | 02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037 |
C:\Program Files (x86)\Java\jre7\bin\msvcr100.dll
| MD5 | bf38660a9125935658cfa3e53fdc7d65 |
| SHA1 | 0b51fb415ec89848f339f8989d323bea722bfd70 |
| SHA256 | 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa |
| SHA512 | 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 18f48d6714640435ab93cad409e10070 |
| SHA1 | fd33c178274fb08adb77cf5c695ce29ba32417bd |
| SHA256 | f7468e1cf9cb05006bb7eebf4ce106f98828351ac7d8637486794ba90e5f5bc2 |
| SHA512 | 632e4957e610ab787ed9a2cf3e8d988acb16e4cfc4d4df9b52682ca54fa4f7fed980b7b5dd69b1c4dd71554894ee5e5199da630b721f3c7403652f923a16dcc1 |
C:\Program Files (x86)\Java\jre7\lib\charsets.pack
| MD5 | 549bbcd204914b543dafee670f110834 |
| SHA1 | 012461935191a55482e8c3d453d245e965a10a2a |
| SHA256 | 8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02 |
| SHA512 | b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | a2623660c345873243bb8f88145663b5 |
| SHA1 | d8cabac7b4057649bb6ca31504719fb0881c7190 |
| SHA256 | 3532daff57c2b70280ef79edf17af55d108b2d46b88bdbf248fab74db2a43d14 |
| SHA512 | 60dc96479ae28a9011dee7a2e8ff2cb60ab548a6164ba8f5562fcd1cb154362677a68c98c62aa62333ac9812d4ddb3e332957efdbc5acfb5eade18f111c21f6e |
C:\Program Files (x86)\Java\jre7\lib\deploy.pack
| MD5 | b2a448112b7c886ccce9b6a3d5efd8a0 |
| SHA1 | 660bc9efe960015b208a421b1a63443e7151024f |
| SHA256 | 928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca |
| SHA512 | 871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | e2aaff5f40ba3fbc2df129ed2157dd19 |
| SHA1 | 8d6b9aeeae45922687e24365cecffdc0e4997f08 |
| SHA256 | 1e1a1fcf7c15b8f6019b1696765c696e69a510bb25fd29daa4f8286b206e738a |
| SHA512 | e1e5a42c4b5bac65b4747b149a694d738fe7e4e7c5398ef564885796e4d9d3cf5ae4ef1cd2066dd6ba24463654c090d79ac84e0f1ad76575155deab8088e6843 |
C:\Program Files (x86)\Java\jre7\lib\javaws.pack
| MD5 | 491bce42c6cd8af88a2e11f37711ed4f |
| SHA1 | 3de7c18fee44465a6afe34e068f2a64dea9fa324 |
| SHA256 | ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2 |
| SHA512 | 1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | d2c611a13ec2cd37d228aad0305dc734 |
| SHA1 | b7d5dd93fb333c96f9d0c516fc862a1f6dc31ae8 |
| SHA256 | 648dac2d3607a22d24056d6d29f1e43343c0e812faffa92a381f627cc42789d4 |
| SHA512 | 5e73bcfaf14e4a45068a74623e9ed39276844efc6269604ea231f1457c5837605e34ebc7fbf106156b0d653c3a0ce90bf0817d09a44a7b268718747506da70d3 |
C:\Program Files (x86)\Java\jre7\lib\plugin.pack
| MD5 | 47d6cfa1b01a6d41885504bbc3b1919a |
| SHA1 | 3838060f9d530c972d65f36fa38b265120a218aa |
| SHA256 | 93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5 |
| SHA512 | b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 250dd63c170bf6cc59e2a7a34edb348b |
| SHA1 | da811a6038e340332de88fe1c2a574ee1bb8a8a8 |
| SHA256 | f46f4d796f236751d277dc24184765679d409c0e454ae07587ca09e0710a0f1f |
| SHA512 | ffc14529043f3231ace3beda1cb14de9ef37d24221d462138eb8fe9cb255eacba42bb864e41a575b7c14773ae577f6e44afcd408f2415678f1019895e3c376c4 |
C:\Program Files (x86)\Java\jre7\lib\jsse.pack
| MD5 | 31b4d9c29d29567b0ae3037fac9fbdc6 |
| SHA1 | 8b5d1b1a309177466d71a742414d441f600ea38e |
| SHA256 | 9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb |
| SHA512 | b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0 |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | 6395ef19c45e81bddd74837a1394acb5 |
| SHA1 | 92a97d8fa5c76891d0df4b4d9812370ee85859b9 |
| SHA256 | a0da062ab80c0dc8d84f51bd76faf53001cd4b48bcbc0ddae6d75e210ea92ccb |
| SHA512 | 5bb7439566d386aa46774e71378284fff75855f2b5971345d54e5142a23a9488a49b1de2a9533d37cb3f33c8d50cc64727daac7c96ca6dd3779144379a068fdb |
C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack
| MD5 | c8dc1cfeaf0fefc39ed0f1de4eaa175c |
| SHA1 | 11cacbb9e5724d37789455de37a225d8e0c648a1 |
| SHA256 | da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f |
| SHA512 | 6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c |
C:\Users\Admin\AppData\Local\Temp\java_install.log
| MD5 | cc147c8509b89de26462cd73e51d3df4 |
| SHA1 | b37e85f40a18c1832530a760b309799378f7f6a9 |
| SHA256 | 2f0f162f348b4020566418fd30c090fac83883284dde7c163b923f68d0886c69 |
| SHA512 | b8ef88fc7c91371605dc12a6fae41fa576836ad7eecbf728cd78ab5de9b235c221d5f43d2e9f9adc234f6ae5c3e823dd1b213aaa0340aa8d341015ad393a3e93 |
C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack
| MD5 | dfaa6429468d56ef77932cf26a495f75 |
| SHA1 | 8a21a29225640f1829ae328a24ef9cb5e215a4e0 |
| SHA256 | 8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed |
| SHA512 | 6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148 |
C:\Users\Admin\AppData\Local\Temp\java_install_reg.log
| MD5 | f8494f1793c2781ff2473084d541ecb9 |
| SHA1 | 235bf7d9af309fd7ca2d181ee42c01d041492a2c |
| SHA256 | 464a19e3f00f1ae1374a8107b2425819541cb19caf4bb252b2be43677326286b |
| SHA512 | 55d07939940ba52f6130051ab896597bcef358476042c0dd06a887355a6355af00f55b55097ddfb3453fd8a40e4dc4719eb989a71138476e103e911d331bf94f |
C:\Program Files (x86)\Java\jre7\bin\java.exe
| MD5 | 88651044108e995f9801e35d2582491c |
| SHA1 | abbf404c0253d085223a64ab947e1057c4211c9c |
| SHA256 | c7fd72a0730b377c6da5ac80cdaf5f4cca84cc999a563a4c420fe5a8576810f8 |
| SHA512 | 486b1d7ad7c3debcb8d70f9351adb08c8321c4cfb409a00ff818be1dacdc376a0eded630ccdc74aa99cc472589b88c9681989076fd78eb109759d33e7bf70543 |
C:\Users\Admin\AppData\Local\Temp\java_install_reg.log
| MD5 | f009f87f76ee4d6bc0e973b7c573c4c1 |
| SHA1 | 14d25f0f1f06568f3479b50ff246995cca0eb376 |
| SHA256 | e4ec0be84abe59c42dc1daf21acf9e0406a42afca353bfaca342f2a1c33e1c91 |
| SHA512 | 701c196000960e34c99407b2a5a4f7b32b4a9079faf8840de68d341db1144fed19b6d5977d449cb53d05874f6125b6a908dcbafb51eb0ec2105e78235399faf5 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | f9447bb803f947f99321b8582fc130e8 |
| SHA1 | 6b7a7c4148af23b283c237d66ffcf1873924ab72 |
| SHA256 | 8cc846b3de141b90f480673ca84887ce131dfca39ffce08d1beaeee0befc2490 |
| SHA512 | e48d41cbc66335c67e987e221f2a23227ce0385c3fff6d2adcdd3b3b2b922d68b9a1165c68be0348a25160a93e717259297f656969bf2dabe8694e59906841cc |
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
| MD5 | 64e2bb67ea740860510dcc5c2b6ffa2d |
| SHA1 | 6c5996358264624cdb4a075acc4f0b46177cd259 |
| SHA256 | 844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b |
| SHA512 | ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462 |
C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg
| MD5 | 5147cce789cd18ad6b2996eb89e5d866 |
| SHA1 | 756f1fffe96ef581f0d4d47253523544c89a2622 |
| SHA256 | c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88 |
| SHA512 | 55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6 |
C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
| MD5 | 27147e1e3faf9b5ccda882cd96f2a85c |
| SHA1 | 7103f60121727917f812bfc7cdff5347fc17cc8e |
| SHA256 | 500d359211ece211cf672de328345876f016fb4a476b2a03cbc3b8b89023ae1f |
| SHA512 | 0866c604911e243687e7fe721142eb882b19691c902736b59ba304933463d8c9154ecc319b91c9771cee8139e151cc2a2e960bc7a93ed97352cf5232a0964194 |
C:\Program Files (x86)\Java\jre7\bin\verify.dll
| MD5 | cb89b1d71061f5ec52468528ecc0b1fc |
| SHA1 | 6feb23a8b5719c8997de92c7da644807fcba8819 |
| SHA256 | 87d8d59972e73700507c07cee8750b0053c6a0899410338722a00c2803d39ee6 |
| SHA512 | 2ff0ed38c7f28eb7ea16f24a0841dfb3306c4fec48ded5fddec8c3140f1a425433a444fe6b6cc4c17b3a39841c8ab0c23d7c9525c119c1b9d6daac2c17a4e4b0 |
C:\Program Files (x86)\Java\jre7\bin\java.dll
| MD5 | a258a133f7d565600647a248ab95792c |
| SHA1 | 1c6a855ca1fc04413b906b0b17609eff38317161 |
| SHA256 | 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af |
| SHA512 | bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7 |
C:\Program Files (x86)\Java\jre7\bin\zip.dll
| MD5 | 1ecf056944068b933ba71cda3edc4a68 |
| SHA1 | 2052b2138db0d9a368942470b41bb6fc5b1d4007 |
| SHA256 | 35ce7ab154a38e97951714e17f7689873d89e8c01188de6e5cd741bc0ca3e384 |
| SHA512 | cadf312841d392a9970cc068b72063e17454d5e6738b46ec9622257d9dfc0bcad0d9420352752bf7d8f8e8ceaf6aca97d83896f753dc12cfeac3e5efb5e1ab05 |
C:\Program Files (x86)\Java\jre7\lib\meta-index
| MD5 | 8bff510abed2b6fcc5a83eedb65b1766 |
| SHA1 | ba6d0cd7504a5baeb963501b8bdf315ec6cb355c |
| SHA256 | afb4850419612e0daf1876a5d61120ed0ccae241f188c25c014602007b3a765b |
| SHA512 | 8786bd672ce9c53f4c31f8206d621eb06ae7527f9adf3700955cc1cb928dde145b684666a5eb4ac11301541f585970ccd377ba144da351741e3cb5769b6ff522 |
C:\Program Files (x86)\Java\jre7\lib\rt.jar
| MD5 | bac77d8d145bd553c7efdf7978d9dff0 |
| SHA1 | 31da52beb0237a6ffd6ebc4a766d92f12a226fb6 |
| SHA256 | a85b24d93ceb6095691838dda51d31bc5e8dc94663514b46c48d7c41d351aad2 |
| SHA512 | 2aabc1986338a68cdecf6d46afd6492a90940d9412bf8f7ad7c6183091403a784244ecf1007dc3875a892c0b1c2557f5de31f387011ca8db657f4367f5fc86ba |
C:\Program Files (x86)\Java\jre7\lib\classlist
| MD5 | 1a0b7592ab9c12aff1191dfd225154ca |
| SHA1 | 3d3fb5f326f2caea866028558834ae684a2fe09f |
| SHA256 | 3837e95826d2273a54e3869efcad1521e000215428a2c7ee9397b650834ebaf1 |
| SHA512 | b2932400b6d8c72d344cb0592f121623dd848dcdd341248cf18cd55cd0c4fbd7f923057d022f89586ec6062299d756a37b3ff4308f10865de6ba68b2ee530fe9 |
memory/2540-827-0x0000000002960000-0x0000000004960000-memory.dmp
memory/2540-828-0x0000000002730000-0x0000000002731000-memory.dmp
C:\Program Files (x86)\Java\jre7\bin\deploy.dll
| MD5 | 87ec9d4a00d34eb6a0f8f92e1d1cc08e |
| SHA1 | bee4ecae201905096dd44d1d348ecb3556d90832 |
| SHA256 | 352707a271a9ab5d0e190a539b6468d6c6c5ce9675b300acf2305aa1f30625d8 |
| SHA512 | 5b7f9866168ad7948a5a80078b14ff747201d17922ca907072a081e0078f6ac68446ddd36b027b4a17f5afa7d1bb4962642cff28cf66867171ebb78735f242d2 |
C:\Program Files (x86)\Java\jre7\bin\wsdetect.dll
| MD5 | 958bc8d82e4d0a5b51536bb4fc4fb6d6 |
| SHA1 | 626312fa01c72ec5c85c9262ba0ae97a8b1f5b25 |
| SHA256 | 2ef891881d506084ed182a0ac58b10dbe8c45877ef889ac9105f19431beee4ca |
| SHA512 | fe17b58e3eed817619bebf6d091aee99fdc331c9c5a4163e9f5993b41b2e7362365da210e0636755ada6b8838012de1bc5435b8670aa12f378a3c9e3a9f5af04 |
C:\Program Files (x86)\Java\jre7\bin\WindowsAccessBridge-32.dll
| MD5 | 1722510af00ea3c7406681b47bf442f7 |
| SHA1 | cafac266d52d78d3743c31ebef22a894781e0de5 |
| SHA256 | 4010a3ec604a327861bedf01626c12eaded9d381b6e4f0e6f760895838834a21 |
| SHA512 | 31a2ce3d5eb9828cbb82d2a7e29f2c5bf46528d38f25827329512cedde37bd03b3cfdba0aba3320b6c0e7779588958e83bff735f6059aad37172598e70e863eb |
C:\Program Files (x86)\Java\jre7\lib\images\cursors\invalid32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+5
| MD5 | a2abe32f03e019dbd5c21e71cc0f0db9 |
| SHA1 | 25b042eb931fff4e815adcc2ddce3636debf0ae1 |
| SHA256 | 27ba8b5814833b1e8e8b5d08246b383cb8a5fb7e74e237cdbcadf320e882ab78 |
| SHA512 | 197c065b9c17c6849a15f45ac69dafa68aaa0b792219fedb153d146f23997bfa4fbc4127b1d030a92a4d7103bded76a1389df715b9539ea23ea21e6a4bb65fb2 |
C:\Program Files (x86)\Java\jre7\lib\zi\HST
| MD5 | 715dc3fcec7a4b845347b628caf46c84 |
| SHA1 | 1b194cdd0a0dc5560680c33f19fc2e7c09523cd1 |
| SHA256 | 3144bc5353ebbd941cdccbbd9f5fb5a06f38abf5cc7b672111705c9778412d08 |
| SHA512 | 72ab4b4ad0990cce0723a882652bf4f37aac09b32a8dd33b56b1fbf25ac56ae054328909efd68c8243e54e449d845fb9d53dd95f47eaaf5873762fcd55a39662 |
C:\Program Files (x86)\Java\jre7\lib\zi\MST
| MD5 | 11f8e73ad57571383afa5eaf6bc0456a |
| SHA1 | 65a736dddd8e9a3f1dd6fbe999b188910b5f7931 |
| SHA256 | 0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e |
| SHA512 | 578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2 |
C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT
| MD5 | 7da9aa0de33b521b3399a4ffd4078bdb |
| SHA1 | f188a712f77103d544d4acf91d13dbc664c67034 |
| SHA256 | 0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d |
| SHA512 | 9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6 |
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
| MD5 | bc3a575dfb1a58d35e8617f2966bf1ea |
| SHA1 | 6353630f62e246d7f462134e8d10a7a42935e20f |
| SHA256 | c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd |
| SHA512 | c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514 |
C:\Program Files (x86)\Java\jre7\bin\javaws.exe
| MD5 | 2b4493bb1f94580c41def972ea9a887e |
| SHA1 | 880ca8b20c6df9a6a176b91cc50304cb0fe66d06 |
| SHA256 | 841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5 |
| SHA512 | b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e |
memory/5792-1428-0x000000003A400000-0x000000003A410000-memory.dmp
memory/5792-1435-0x00000000027F0000-0x00000000047F0000-memory.dmp
memory/5792-1442-0x0000000000DE0000-0x0000000000DE1000-memory.dmp
memory/5792-1450-0x00000000027F0000-0x00000000047F0000-memory.dmp
memory/5792-1455-0x00000000027F0000-0x00000000047F0000-memory.dmp
C:\Config.Msi\e5900b5.rbs
| MD5 | 7bf6bda18a622c82cdaab5a466ce3289 |
| SHA1 | 364558bc51757506d92960090764a11eee1f3903 |
| SHA256 | c87390f675c2b82179fdccc883f7f3f7f5951b9eb58b998d79b3d2713567fb3e |
| SHA512 | 5b0b6882af2976e7db5173458548a8ec91463b64f2b09ed2c91cfa6b9ac40145f209f51ecf41a25c308b5ec884c0bad8bcc3188b90f22ca66e4f1563cb8ed091 |
memory/6096-1481-0x0000000002A20000-0x0000000004A20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 55e9f260e3408c5186bdfa0ba2b79bb9 |
| SHA1 | 3f1191f271290564b33f679e5aa9b98d6e587ee1 |
| SHA256 | 124ef4c9140c4ce2372cac10f5d36ea1c3de932fd744114b7a466a073b4a2466 |
| SHA512 | 8cd81c1603bec11081921fd9b5d3ff1c3279b75f6a82de482ff702002c4b75e3e6429ffb272ea1a7bec3dab074d669216490643a54278e085e5df9ccc64cc740 |
memory/6096-1500-0x0000000002A20000-0x0000000004A20000-memory.dmp
memory/6096-1505-0x0000000002A20000-0x0000000004A20000-memory.dmp
memory/6096-1515-0x0000000002A20000-0x0000000004A20000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 7021de6b52e9bf0b001e3a166616453b |
| SHA1 | 7fbddbff1ccee031f563fff13162b31e2b638816 |
| SHA256 | da3809bbeeb70009466345040214558077d9dec025285e0456e4d8ae3dd7a066 |
| SHA512 | 11416ceca1fe12f2e2e7fabfb4986e2697653d8dd10721dfc127b6bdb3fb61ea14615fce46752d1a4f6d8fe78a27d3a0ffde6b541fdd93871a2dff83078d2776 |
memory/6096-1541-0x0000000000CA0000-0x0000000000CA1000-memory.dmp
memory/6096-1543-0x0000000002A20000-0x0000000004A20000-memory.dmp
memory/6096-1556-0x0000000000CA0000-0x0000000000CA1000-memory.dmp
memory/6096-1562-0x0000000002A20000-0x0000000004A20000-memory.dmp