Malware Analysis Report

2025-01-18 22:27

Sample ID: 240504-drrgnsbg5s
Target: 1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118
SHA256: 3ee34e2fe56ec2d3f53e93d73952b75148c10d07b5ff54e02c04413ef47850d3
Tags: upx adware persistence stealer
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10
SHA256: 3ee34e2fe56ec2d3f53e93d73952b75148c10d07b5ff54e02c04413ef47850d3
Threat Level: Likely malicious

The file 1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx adware persistence stealer

Downloads MZ/PE file
Checks computer location settings
UPX packed file
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Blocklisted process makes network request
Adds Run key to start application
Installs/modifies Browser Helper Object
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-04 03:14

Signatures

UPX packed file

Tags: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-04 03:14
Reported: 2024-05-04 03:17
Platform: win7-20240221-en
Max time kernel: 140s
Max time network: 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\javaSetup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | N/A

Registers COM server for autorun

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A

UPX packed file

Tags: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Adds Run key to start application

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" | C:\Windows\system32\msiexec.exe | N/A

Blocklisted process makes network request

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A

Installs/modifies Browser Helper Object

Tags: stealer adware
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Java\jre7\lib\charsets.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\javaws.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\plugin.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Zona\License_uk.rtf | C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\patchjre.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Zona\License_en.rtf | C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Zona\README.txt | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\Zona.exe | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\deploy.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Zona\utils.jar | C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Zona\Zona.jar | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\task.xml | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\bin\client\classes.jsa | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\task64.xml | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\rt.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Zona\swt.jar | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\ZonaUpdater.exe | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\zreg.dll | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\Zona.7z.tmp | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\torrent.ico | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Zona\uninstall.exe | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File opened for modification | C:\Program Files (x86)\Zona\Zona.7z.tmp | C:\Program Files (x86)\Java\jre7\bin\javaw.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\lib\jsse.jar | C:\Program Files (x86)\Java\jre7\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\Zona\License_ru.rtf | C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Java\jre7\core.zip | C:\Windows\system32\msiexec.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Installer\f76c4a9.ipi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76c4ac.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID910.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDB04.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76c4a6.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIC8D6.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76c4af.ipi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76c4b1.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDB74.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f76c4a6.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76c4ab.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f76c4a9.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f76c4ac.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f76c4af.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIC7BC.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSICADB.tmp | C:\Windows\system32\msiexec.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A

Modifies Internet Explorer settings

Tags: adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "42848016" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Windows\syswow64\MsiExec.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_71" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_05" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_57" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_59" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB} | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" | C:\Windows\syswow64\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_46" | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC} | C:\Windows\syswow64\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_05" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_61" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_82" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jfrfile\ = "Java Flight Recorder File" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_45" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_67" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_76" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_70" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_08" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_40" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\javaSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = … C:\Users\Admin\AppData\Local\Temp\javaSetup.exe N/A
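
The Blob value in the rows above is the serialized form CryptoAPI uses for every key under SystemCertificates\<store>\Certificates: a run of records, each (property id u32, reserved u32 = 1, length u32, data), with the DER certificate under property 32 and its SHA-1 under property 3; the subkey name is that same SHA-1. The Python below is an added worked example, not part of the sandbox report, that decodes the ROOT-store blob copied from the row above, walks the DER far enough to read the subject commonName, and checks that the thumbprint in the key name really is SHA-1 of the embedded certificate. It uses only the standard library; the property-id constants are the wincrypt.h values. The AuthRoot blob written by javaSetup.exe is not reproduced on this page, so only its thumbprint (A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436, the published SHA-1 of DigiCert Global Root CA) is available and it is not checked here.

```python
import hashlib
import struct

# Property ids from wincrypt.h that occur in this blob (15 and 25 are cached hashes, unused here).
CERT_SHA1_HASH_PROP_ID = 3
CERT_MD5_HASH_PROP_ID = 4
CERT_KEY_IDENTIFIER_PROP_ID = 20
CERT_CERT_PROP_ID = 32  # the DER-encoded certificate itself

# Subkey name and Blob value copied from the ROOT-store rows of this report.
REG_KEY_NAME = "CABD2A79A1076A31F21D253635CB039D4329A5E8"
BLOB_HEX = (
    "0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e"
    "030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63"
    "1900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f050000"
    "3082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320"
    "496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a"
    "304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831"
    "30820222300d06092a864886f70d01010105000382020f003082020a0282020100"
    "ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed133"
    "3cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832e"
    "d149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee"
    "19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988"
    "f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e68"
    "9d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fc"
    "c6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c86"
    "3b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001"
    "a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e"
    "300d06092a864886f70d01010b05000382020100"
    "551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebce"
    "e059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28"
    "a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe298"
    "68c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed"
    "77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355"
    "ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22"
    "de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17"
    "ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827"
)


def parse_cert_blob(blob):
    """Walk the property list: repeated (propid u32, reserved u32 == 1, length u32, data) records."""
    props, pos = {}, 0
    while pos < len(blob):
        prop_id, reserved, size = struct.unpack_from("<III", blob, pos)  # struct.error if truncated
        if reserved != 1 or pos + 12 + size > len(blob):
            raise ValueError(f"malformed property {prop_id} at offset {pos}")
        props[prop_id] = blob[pos + 12:pos + 12 + size]
        pos += 12 + size
    return props


def _tlv(buf, pos):
    """Minimal DER reader: (tag, value_start, value_end) of the element at pos; value_end is the next sibling."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def der_subject_cn(der):
    """Return the subject commonName of an X.509 certificate without a third-party ASN.1 library."""
    _, tbs_pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(der, tbs_pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end and len(fields) < 6:
        tag, start, end = _tlv(der, pos)
        fields.append((tag, start, end))
        pos = end
    _, pos, end = fields[5] if fields[0][0] == 0xA0 else fields[4]  # [0] version is optional
    while pos < end:                         # Name ::= SEQUENCE OF RelativeDistinguishedName
        _, rdn_pos, rdn_end = _tlv(der, pos)
        while rdn_pos < rdn_end:             # RDN ::= SET OF AttributeTypeAndValue
            _, atv_pos, atv_end = _tlv(der, rdn_pos)
            _, oid_s, oid_e = _tlv(der, atv_pos)
            if der[oid_s:oid_e] == b"\x55\x04\x03":  # id-at-commonName (2.5.4.3)
                _, v_s, v_e = _tlv(der, oid_e)
                return der[v_s:v_e].decode("utf-8")
            rdn_pos = atv_end
        pos = rdn_end
    return ""


def check_registry_cert(key_name, blob_hex):
    """Decode one ...\\Certificates\\<thumbprint>\\Blob value and cross-check the stored hashes against the DER."""
    props = parse_cert_blob(bytes.fromhex(blob_hex))
    der = props[CERT_CERT_PROP_ID]
    sha1 = hashlib.sha1(der).hexdigest()
    return {
        "subject_cn": der_subject_cn(der),
        "computed_sha1": sha1,
        "stored_sha1": props[CERT_SHA1_HASH_PROP_ID].hex(),
        "key_name_matches": sha1 == key_name.lower(),
        "md5_matches": hashlib.md5(der).digest() == props[CERT_MD5_HASH_PROP_ID],
        "key_id": props[CERT_KEY_IDENTIFIER_PROP_ID].hex(),
        "property_ids": sorted(props),
    }


if __name__ == "__main__":
    print(check_registry_cert(REG_KEY_NAME, BLOB_HEX))
```

Run as a script it prints the decoded fields. The subject here is ISRG Root X1, the Let's Encrypt root (the string "Internet Security Research Group" is visible in the DER above as 496e7465726e65742053656375726974792052657365617263682047726f7570). For triage that matters: an installer writing a publicly trusted root into HKLM ROOT is a much weaker indicator than the signature name suggests, whereas the same check returning an unknown CN, or a thumbprint that does not match the DER, would be the finding. HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT is machine-wide trust, so anything written there is trusted for every user and by Schannel, and the same decoder applies unchanged to AuthRoot, CA and the per-user stores. Why the sample adds the root is not shown on this page.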

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2800 wrote to memory of 2412 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2800 wrote to memory of 2412 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2800 wrote to memory of 2412 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2800 wrote to memory of 2412 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
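
The WriteProcessMemory rows above are emitted once per write and never grouped, so the parent/child chain has to be rebuilt before the table says anything. The Python below is an added example, not part of the sandbox report: it parses rows of exactly this form, collapses repeats into (parent PID, child PID) edges with a count, and prints the resulting tree. The rows embedded in it are a constructed sample input, a subset of the rows above copied verbatim including some of the repeated events.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: a subset of the "Suspicious use of WriteProcessMemory"
# rows from this report, copied verbatim including repeated events.
SAMPLE_ROWS = r"""
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 1040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 2488 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2036 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 640 wrote to memory of 2832 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 2164 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 640 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2800 wrote to memory of 2412 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2800 wrote to memory of 1800 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
""".strip().splitlines()

# One report row: "PID <parent> wrote to memory of <child> N/A <parent image> <child image>".
# Image paths contain spaces, so each path is anchored on the ".exe" that ends it.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (C:\\.+?\.exe) (C:\\.+?\.exe)$")


def parse_rows(rows):
    """Collapse repeated events into (parent, child) -> count and keep the image path seen for each PID."""
    edge_counts, images = Counter(), {}
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            continue  # table header or a row in another format
        parent, child, parent_image, child_image = m.groups()
        parent, child = int(parent), int(child)
        edge_counts[(parent, child)] += 1
        images[parent], images[child] = parent_image, child_image
    return edge_counts, images


def build_tree(edge_counts):
    """Return (roots, children): PIDs nothing wrote into, and each parent's children in PID order."""
    children = defaultdict(list)
    for parent, child in sorted(edge_counts):
        children[parent].append(child)
    roots = sorted({p for p, _ in edge_counts} - {c for _, c in edge_counts})
    return roots, children


def render_tree(rows):
    """Indented text tree, one line per process, with the write count on each edge."""
    edge_counts, images = parse_rows(rows)
    roots, children = build_tree(edge_counts)
    lines = []

    def walk(pid, depth, writes):
        name = images[pid].rsplit("\\", 1)[-1]
        note = f"  ({writes} write events from parent)" if writes else ""
        lines.append("    " * depth + f"{name} [{pid}]{note}")
        for child in children.get(pid, []):
            walk(child, depth + 1, edge_counts[(pid, child)])

    for root in roots:
        walk(root, 0, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tree(SAMPLE_ROWS))
```

Every edge in this table links a parent to a process it spawned (compare the Processes list below: sample to cscript.exe and to its own /asService copy, that copy to javaSetup.exe, javaSetup.exe to msiexec.exe, the msiexec.exe /V service to the -Embedding custom-action hosts, javaws.exe to javaw.exe and jp2launcher.exe). A parent writing into a child it has just created is what CreateProcess looks like in a user-mode API trace, which is why the sandbox files it as "suspicious use" rather than as injection. A write from the sample into an unrelated, already-running PID would be the pattern worth escalating, and none appears here. PIDs 640 and 2800 come out as roots only because no row in this table writes into them, not because they have no parent.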

Processes

C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe" /asService

C:\Users\Admin\AppData\Local\Temp\javaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 31291BDB86384600522E8520278E42AD

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A3DFC28927C0F8FCB6D7B1A1CF4D81A8 M Global\MSI0000

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma … -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\AU\au.msi" ALLUSERS=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AD8F001738435EDDA50DA4A7033C7615

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_80-b15

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Local\Temp\Zona.7z" "C:\Program Files (x86)\Zona"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Local\Temp\appdata.7z" "C:\Users\Admin\AppData\Roaming\Zona"

Network

Country Destination Domain Proto
US 8.8.8.8:53 manytorrents.org udp
US 8.8.8.8:53 zona.ru udp
NL 37.48.65.155:80 manytorrents.org tcp
NL 5.35.172.6:80 zona.ru tcp
US 8.8.8.8:53 w1.zona.pub udp
NL 5.35.170.40:443 w1.zona.pub tcp
US 8.8.8.8:53 dl.zona.ru udp
RU 46.254.16.107:80 dl.zona.ru tcp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 rps-svcs.sun.com udp
US 2.18.190.79:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:80 javadl.oracle.com tcp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.156:443 sjremetrics.java.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-04 03:14

Reported

2024-05-04 03:17

Platform

win10v2004-20240419-en

Max time kernel

141s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaws.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaw.exe C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre7\release C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\fontconfig.properties.src C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kathmandu C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hovd C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Dhaka C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Troll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Gibraltar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Istanbul C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Funafuti C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guadalcanal C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Ojinaga C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\unpack200.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\El_Aaiun C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Macquarie C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Luxembourg C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Minsk C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guam C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Santiago C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\ext\jaccess.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Algiers C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Amman C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Brunei C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\South_Georgia C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Helsinki C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Zona\Zona.7z.tmp C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
File opened for modification C:\Program Files (x86)\Zona\Zona.7z.tmp C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jsoundds.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Montevideo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Tallinn C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Bougainville C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Majuro C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpicom.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Davis C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\security\trusted.libraries C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Costa_Rica C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Guatemala C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tehran C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\fxplugins.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\ext\access-bridge.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Taipei C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\London C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\EST5 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpioji.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\cmm\LINEAR_RGB.pf C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpeg.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\ext\sunjce_provider.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lagos C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Asuncion C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+2 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Auckland C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\LICENSE C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\fontmanager.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Monterrey C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\net.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Cambridge_Bay C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Detroit C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Yerevan C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\sunec.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\ext\zipfs.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kolkata C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Brussels C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9849.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5793d8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9D4B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5793d4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F03217080FF} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5793d4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9654.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "46189520" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_36" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_25" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_33" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_32" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_80" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_30" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_16" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_43" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_05" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_27" C:\Windows\syswow64\MsiExec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_85" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_19" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JavaPlugin.10802\CLSID\ = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_33" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_81" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_82" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_53" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.1_03" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_07" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_41" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_78" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_35" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1724 wrote to memory of 1500 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1724 wrote to memory of 5060 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 5060 wrote to memory of 4540 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 4540 wrote to memory of 1740 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2896 wrote to memory of 408 (3 writes) N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2896 wrote to memory of 3804 (3 writes) N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3804 wrote to memory of 4236 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 4352 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 2292 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 2768 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 916 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 1388 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 3124 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 968 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 3588 (3 writes) N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 3588 wrote to memory of 3868 (3 writes) N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 3588 wrote to memory of 5316 (3 writes) N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 5060 wrote to memory of 4536 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 5060 wrote to memory of 3680 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe

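The WriteProcessMemory rows above are the only place this report ties PIDs to parents, so they are the raw material for a process tree. The following is an added example, not part of the sandbox output: it parses the rows (copied from the table, one per parent/child pair) into edges and rebuilds the tree. Two things it makes visible that the flat table hides: the chain from the dropped javaSetup.exe stops at the SysWOW64 msiexec client (PID 1740), because the install is handed to the Windows Installer service (`msiexec /V`, PID 2896), which is started by the service control manager and therefore appears as a second root; and the sample's /asService relaunch (PID 5060) is what later drives javaw.exe to unpack Zona.7z and appdata.7z. Note that the report itself lists PID 3588 as javaw.exe when it is a child and javaws.exe when it is a parent; the example keeps the first name it sees.

```python
"""Rebuild the process tree from the 'Suspicious use of WriteProcessMemory' rows.

Each row is a parent writing into a child it has just created (CreateProcess
does this while setting up the new image), so the rows are parent -> child
edges. The rows below are copied from the report with the triplicate entries
collapsed to one per edge.
"""
import ntpath
import re
from collections import defaultdict

WPM_ROWS = r"""
PID 1724 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1724 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe
PID 5060 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
PID 4540 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2896 wrote to memory of 408 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2896 wrote to memory of 3804 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3804 wrote to memory of 4236 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 4352 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 2292 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 2768 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 916 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 1388 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 3124 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 968 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 3804 wrote to memory of 3588 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 3588 wrote to memory of 3868 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 3588 wrote to memory of 5316 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 5060 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 5060 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
"""

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+)$")


def parse_edges(text):
    """Return (parent_pid, child_pid, parent_image, child_image) per row."""
    edges = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        parent, child, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        # Both columns are absolute paths that may contain spaces, so split
        # on the last " C:\" instead of on whitespace.
        parent_image, _, tail = rest.rpartition(" C:\\")
        edges.append((parent, child, parent_image, "C:\\" + tail))
    return edges


def build_tree(edges):
    """Return (children, images, roots); roots are parents never seen as a child."""
    children = defaultdict(list)
    images = {}
    seen_as_child = set()
    for parent, child, parent_image, child_image in edges:
        children[parent].append(child)
        seen_as_child.add(child)
        images.setdefault(parent, parent_image)   # first name seen wins
        images.setdefault(child, child_image)
    roots = sorted(p for p in children if p not in seen_as_child)
    return dict(children), images, roots


def descendants(children, pid):
    """Every PID reachable below pid."""
    out, stack = set(), list(children.get(pid, []))
    while stack:
        p = stack.pop()
        if p not in out:
            out.add(p)
            stack.extend(children.get(p, []))
    return out


def render(children, images, roots):
    """Indented text tree, one 'pid image' line per process."""
    lines = []

    def walk(pid, depth):
        lines.append("  " * depth + f"{pid} {ntpath.basename(images.get(pid, '?'))}")
        for c in children.get(pid, []):
            walk(c, depth + 1)

    for r in roots:
        walk(r, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(*build_tree(parse_edges(WPM_ROWS))))
```

Running it prints two trees: one rooted at the sample (PID 1724) and one rooted at the Windows Installer service (PID 2896); the 3804 MsiExec custom-action host under the second root is the parent of all eight unpack200.exe runs and of the javaws/jp2launcher chain.
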
Processes

C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1156ea6f83f9ba283ffb27769ddd7653_JaffaCakes118.exe" /asService

C:\Users\Admin\AppData\Local\Temp\javaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B553A2019BFD6BCFAFCA8BA653B222A5

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ACDE6987E1706D861CE1ADFCF7E134AA E Global\MSI0000

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Local\Temp\Zona.7z" "C:\Program Files (x86)\Zona"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Local\Temp\appdata.7z" "C:\Users\Admin\AppData\Roaming\Zona"
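
The jp2launcher.exe command line in the process list carries its real arguments inside the -vma and -ma tokens: jp2launcher (the Java Web Start / plug-in launcher) receives the JVM options and the application arguments as base64 strings whose decoded bytes are NUL-separated argument lists, so the sandbox shows one opaque blob per list. The following is an added example, not part of the report, that unpacks both blobs copied verbatim from the command line above and pulls out the -D system properties. Decoded, -vma shows the JVM was started with -Djava.security.manager and the javaws.policy file, and -ma is the same `-fix -permissions -silent` that javaws.exe was launched with plus -notWebJava, i.e. this is the JRE installer's own post-install fix-up rather than a Web Start application being run.

```python
"""Unpack the base64 blobs jp2launcher.exe receives in -vma and -ma.

jp2launcher takes the JVM options (-vma) and the application arguments (-ma)
as base64 strings; the decoded bytes are the individual arguments separated
by NUL. Both blobs below are copied from the report's process list.
"""
import base64

VMA = (
    "LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAt"
    "RGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kA"
    "LUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4A"
    "LURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6"
    "XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxwbHVnaW4uamFyAC1E"
    "amF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl"
)
MA = "LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ=="


def decode_args(blob):
    """Return the argument list packed in one jp2launcher base64 blob."""
    raw = base64.b64decode(blob, validate=True)   # reject anything outside the alphabet
    return raw.decode("utf-8").split("\x00")


def jvm_properties(args):
    """Collect -Dkey=value system properties; a bare -Dkey maps to ''."""
    props = {}
    for arg in args:
        if arg.startswith("-D"):
            key, _, value = arg[2:].partition("=")
            props[key] = value
    return props


if __name__ == "__main__":
    for flag, blob in (("-vma", VMA), ("-ma", MA)):
        print(flag)
        for arg in decode_args(blob):
            print("    " + arg)
```

The same two functions work on any jp2launcher command line pulled from a sandbox or EDR; the blob lengths differ, the encoding does not.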

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 zona.ru udp
US 8.8.8.8:53 manytorrents.org udp
NL 185.107.56.54:80 manytorrents.org tcp
NL 5.35.172.6:80 zona.ru tcp
US 8.8.8.8:53 w1.zona.pub udp
NL 5.35.170.40:443 w1.zona.pub tcp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 54.56.107.185.in-addr.arpa udp
US 8.8.8.8:53 6.172.35.5.in-addr.arpa udp
US 8.8.8.8:53 40.170.35.5.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 dl.zona.ru udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
RU 46.254.16.107:80 dl.zona.ru tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 107.16.254.46.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
US 2.18.190.78:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:80 javadl.oracle.com tcp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 224.165.123.92.in-addr.arpa udp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
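
Most of the Network table is noise for indicator purposes: the in-addr.arpa rows are reverse lookups of addresses that already appear elsewhere in the table, and a good share of the forward traffic (oracle.com, sun.com, java.com, bing) belongs to the bundled JRE installer or to the Windows guest rather than to Zona. The following is an added example, not part of the report, that parses a representative subset of the rows above into a per-domain record, drops the reverse lookups, and separates the sample's own infrastructure from an allow-list of known-benign suffixes. That allow-list is an analyst assumption for this sample and is not something the report states. It also reports domains that were queried but never connected to (stat.miniload.org here), which is the pattern to look for when a resolution failed or a destination was sinkholed.

```python
"""Reduce the sandbox 'Network' table to an IOC list.

Rows are copied from the report (a representative subset). Reverse lookups
(in-addr.arpa) are dropped because they only repeat addresses the table
already shows. A query to the resolver marks the domain as 'looked up';
any other row is a real connection attributed to the domain in that row.
"""
from collections import defaultdict

NETWORK_ROWS = """\
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 zona.ru udp
US 8.8.8.8:53 manytorrents.org udp
NL 185.107.56.54:80 manytorrents.org tcp
NL 5.35.172.6:80 zona.ru tcp
US 8.8.8.8:53 w1.zona.pub udp
NL 5.35.170.40:443 w1.zona.pub tcp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 dl.zona.ru udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
RU 46.254.16.107:80 dl.zona.ru tcp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:80 javadl.oracle.com tcp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
"""

RESOLVER = ("8.8.8.8", 53)

# Analyst assumption for this sample, not something the report states: the
# dropped Oracle JRE installer talks to oracle.com / sun.com / java.com and
# the Windows guest talks to Bing. These are separated out, not discarded.
KNOWN_BENIGN_SUFFIXES = ("oracle.com", "sun.com", "java.com", "bing.com", "bing.net")


def parse_rows(text):
    """Split 'CC ip:port domain proto' rows into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_reverse_lookup(domain):
    return domain.endswith(".in-addr.arpa") or domain.endswith(".ip6.arpa")


def is_known_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in KNOWN_BENIGN_SUFFIXES)


def build_iocs(rows):
    """domain -> {'queried': bool, 'connections': {(ip, port, proto)}}"""
    iocs = defaultdict(lambda: {"queried": False, "connections": set()})
    for r in rows:
        if is_reverse_lookup(r["domain"]):
            continue
        entry = iocs[r["domain"]]
        if (r["ip"], r["port"]) == RESOLVER and r["proto"] == "udp":
            entry["queried"] = True
        else:
            entry["connections"].add((r["ip"], r["port"], r["proto"]))
    return dict(iocs)


def suspicious_domains(iocs):
    """Domains outside the allow-list: the sample's own infrastructure."""
    return sorted(d for d in iocs if not is_known_benign(d))


def unresolved_queries(iocs):
    """Looked up but never connected to; check for NXDOMAIN or sinkholing."""
    return sorted(d for d, e in iocs.items() if e["queried"] and not e["connections"])


def contacted_ips(iocs):
    return sorted({ip for e in iocs.values() for ip, _, _ in e["connections"]})


if __name__ == "__main__":
    iocs = build_iocs(parse_rows(NETWORK_ROWS))
    for d in suspicious_domains(iocs):
        print(d, sorted(iocs[d]["connections"]))
    print("queried only:", unresolved_queries(iocs))
```

On the full table the same code also surfaces the row for www.bing.com at 23.62.61.97:443, which has no matching resolver query in the table at all; connections without a preceding lookup are worth a second look because they mean the address came from somewhere other than DNS (a cached answer, a hard-coded IP, or a prior resolution the sandbox did not capture).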

Files

memory/1724-0-0x0000000000490000-0x00000000004E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 9cc4a82c77a8afcef4fc9733790f5508
SHA1 7fce1a5ab85a35efd6e7541ca771eae9f8d1bb01
SHA256 bc93958de5520e2894a5a49ded574dfece13c13b4383a043a6b470c5db012868
SHA512 411d99e50be751e9ed846d87dc41acef217ec75573194d2a99c71c0372fe1a4c65326e54adca539cc89ce5a90bd5847ab6ad2838726042ff5b51ded8a7440e71

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 3c4fece07c5997f84852b3ad613b636c
SHA1 d84ac04e45a0f3fe99a0fafbb31c43f06bb4279c
SHA256 309dcfd22df76f191ef413dfaae3ef1f32360714b3d06d41dad18ccb2170b177
SHA512 d0848397532a0cf2b893dc712f2df3cfdc93d1f8267d7c12f4cb685983448930835adefeb603f2870b215555ff7a4741348c56af0606dd13ca62728dd6f40c4d

C:\Users\Admin\AppData\Roaming\Zona\init.xml

MD5 eabc9481751079cf223352f24f9c86b1
SHA1 df13928f3e664556121d813366790c307e442f5b
SHA256 ec5d3ca4da94f73a19d6175518c9d7d297d9083ecc67e1a4c1a689841bd87ff8
SHA512 9a3d3f5eee1b9307d1d35d62930ce94102329ffc930488b2bee5df6479a22ceea115d998d13178b7fd1294024f449df7595b154855b6974954ca852b604ca8a3

C:\Users\Admin\AppData\Local\Temp\hd.vbs

MD5 d8682d715a652f994dca50509fd09669
SHA1 bb03cf242964028b5d9183812ed8b04de9d55c6e
SHA256 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba
SHA512 eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

memory/5060-41-0x0000000000490000-0x00000000004E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zon3FAA.tmp

MD5 d8f4a1993546cc4b850cde3599e27aec
SHA1 094b763b4cfcc0b05e5d040581cd513c3ca08067
SHA256 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
SHA512 7c696247f98aa6fe4e1df001fd6029abbbccf45b122d65dfdede8f8a400cda775387c657f96bd1e4e52da7409187892b1f0786c54d835d2e44227b2e1335eaf6

memory/1724-59-0x0000000000490000-0x00000000004E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 48a91933b9eb7b9416152ab8bf30e9bd
SHA1 f59e052896b18e0ad7fa650263cf9b139be1e173
SHA256 e207a4f568888685f6de690cc36402b437526110c6f09a778a22b5af46eefc12
SHA512 3690a2b7b6f7ab260459a5345ae3df9fb212f4fdf124ac8092032ce62f9bcb8d0efda83b4ae4c9525a6e420119364cbd3670c64177fce5b9f03df890c1125946

C:\Users\Admin\AppData\Local\Temp\javaSetup.exe

MD5 f2fd417b6d5c7ffc501c7632cc811c3e
SHA1 305c1493fca53ab63ba1686c9afdfb65142e59d3
SHA256 a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9
SHA512 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 ab6e863e3ae437e0828defad2023917a
SHA1 df5ea436c72567bcbc7f4479b9a8e3efbe4d8fc2
SHA256 475ed77afdd102b53fea021e67e30253cbd972e7c6bcbf97156208e357899be2
SHA512 53be097de3a5374cf37863fc00bfc49ba18126aa5bba6c80f5527b9c45ef610c5d5a28de5607df4a32f1a2033d366e292e50e4f7dd6edd83b2436e50313c07b5

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi

MD5 e24d9b483ce7a3a6a4406111883457f7
SHA1 0d5efff0d110c48f5e6f5d438967427f1e2dbf84
SHA256 dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c
SHA512 b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398

C:\Windows\Installer\MSI9654.tmp

MD5 9f84d910602183954bed6d9660600783
SHA1 82e3b122dc63e0a333bca531dd16667d5fafbf23
SHA256 bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e
SHA512 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 251460ea057f6cbad8a5347aa6df4d40
SHA1 a85769d7f5273d41eaa062fb882ad044f242c408
SHA256 68960b951a69b0ff73a112921236d44aa9c8acfdc3b457bf87e8376a14fc9394
SHA512 75d85babd8b124e0deeeb78470e1a2e554361da5b78b2312e1f55497cf12445b66fa5b1eb7f098dc782513606ce5e4a0573cc3db8267064d7bb80ca72d69f15d

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab

MD5 003a488a2139105704566b47eb29520d
SHA1 52d672a592cd52ad5e2e7239421f2659e0d17afa
SHA256 a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67
SHA512 ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

MD5 0d46182b6134aa9c7acd16133d67e4c3
SHA1 7b5be3d65e5e744723bf55a08f9dc1042585d5eb
SHA256 c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc
SHA512 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b

C:\Program Files (x86)\Java\jre7\bin\MSVCR100.dll

MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

C:\Program Files (x86)\Java\jre7\lib\rt.pack

MD5 b6d75e8c90c79af1579769f10b1e5c88
SHA1 146cb3f05fa161885e8faf079fa2bbd89b5c5b18
SHA256 82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e
SHA512 02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 525bf7f5b63ffd5e86fa3aee92551c21
SHA1 bf3cd939fe57f5076afbd231cb5b1b0ea03ba5d0
SHA256 e0e88bda4bcbbcfadb1009060372744f8b3f3628ae29b1d310a99255ec76aa7a
SHA512 825d048f8a3eb7ec88bda27eaf34b5c05a9545a12d48d29fc264aeae571fb2b4aa2957cd1b5459d53dc5d18b7968760d47136a6ec099c5612c3a7ab677b24d73

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 18f48d6714640435ab93cad409e10070
SHA1 fd33c178274fb08adb77cf5c695ce29ba32417bd
SHA256 f7468e1cf9cb05006bb7eebf4ce106f98828351ac7d8637486794ba90e5f5bc2
SHA512 632e4957e610ab787ed9a2cf3e8d988acb16e4cfc4d4df9b52682ca54fa4f7fed980b7b5dd69b1c4dd71554894ee5e5199da630b721f3c7403652f923a16dcc1

C:\Program Files (x86)\Java\jre7\lib\charsets.pack

MD5 549bbcd204914b543dafee670f110834
SHA1 012461935191a55482e8c3d453d245e965a10a2a
SHA256 8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02
SHA512 b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 a2623660c345873243bb8f88145663b5
SHA1 d8cabac7b4057649bb6ca31504719fb0881c7190
SHA256 3532daff57c2b70280ef79edf17af55d108b2d46b88bdbf248fab74db2a43d14
SHA512 60dc96479ae28a9011dee7a2e8ff2cb60ab548a6164ba8f5562fcd1cb154362677a68c98c62aa62333ac9812d4ddb3e332957efdbc5acfb5eade18f111c21f6e

C:\Program Files (x86)\Java\jre7\lib\deploy.pack

MD5 b2a448112b7c886ccce9b6a3d5efd8a0
SHA1 660bc9efe960015b208a421b1a63443e7151024f
SHA256 928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca
SHA512 871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 e2aaff5f40ba3fbc2df129ed2157dd19
SHA1 8d6b9aeeae45922687e24365cecffdc0e4997f08
SHA256 1e1a1fcf7c15b8f6019b1696765c696e69a510bb25fd29daa4f8286b206e738a
SHA512 e1e5a42c4b5bac65b4747b149a694d738fe7e4e7c5398ef564885796e4d9d3cf5ae4ef1cd2066dd6ba24463654c090d79ac84e0f1ad76575155deab8088e6843

C:\Program Files (x86)\Java\jre7\lib\javaws.pack

MD5 491bce42c6cd8af88a2e11f37711ed4f
SHA1 3de7c18fee44465a6afe34e068f2a64dea9fa324
SHA256 ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2
SHA512 1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4

C:\Program Files (x86)\Java\jre7\lib\plugin.pack

MD5 47d6cfa1b01a6d41885504bbc3b1919a
SHA1 3838060f9d530c972d65f36fa38b265120a218aa
SHA256 93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5
SHA512 b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 d2c611a13ec2cd37d228aad0305dc734
SHA1 b7d5dd93fb333c96f9d0c516fc862a1f6dc31ae8
SHA256 648dac2d3607a22d24056d6d29f1e43343c0e812faffa92a381f627cc42789d4
SHA512 5e73bcfaf14e4a45068a74623e9ed39276844efc6269604ea231f1457c5837605e34ebc7fbf106156b0d653c3a0ce90bf0817d09a44a7b268718747506da70d3

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 6395ef19c45e81bddd74837a1394acb5
SHA1 92a97d8fa5c76891d0df4b4d9812370ee85859b9
SHA256 a0da062ab80c0dc8d84f51bd76faf53001cd4b48bcbc0ddae6d75e210ea92ccb
SHA512 5bb7439566d386aa46774e71378284fff75855f2b5971345d54e5142a23a9488a49b1de2a9533d37cb3f33c8d50cc64727daac7c96ca6dd3779144379a068fdb

C:\Program Files (x86)\Java\jre7\lib\jsse.pack

MD5 31b4d9c29d29567b0ae3037fac9fbdc6
SHA1 8b5d1b1a309177466d71a742414d441f600ea38e
SHA256 9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb
SHA512 b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0

C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack

MD5 c8dc1cfeaf0fefc39ed0f1de4eaa175c
SHA1 11cacbb9e5724d37789455de37a225d8e0c648a1
SHA256 da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f
SHA512 6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 cc147c8509b89de26462cd73e51d3df4
SHA1 b37e85f40a18c1832530a760b309799378f7f6a9
SHA256 2f0f162f348b4020566418fd30c090fac83883284dde7c163b923f68d0886c69
SHA512 b8ef88fc7c91371605dc12a6fae41fa576836ad7eecbf728cd78ab5de9b235c221d5f43d2e9f9adc234f6ae5c3e823dd1b213aaa0340aa8d341015ad393a3e93

C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack

MD5 dfaa6429468d56ef77932cf26a495f75
SHA1 8a21a29225640f1829ae328a24ef9cb5e215a4e0
SHA256 8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed
SHA512 6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148

C:\Program Files (x86)\Java\jre7\bin\java.exe

MD5 88651044108e995f9801e35d2582491c
SHA1 abbf404c0253d085223a64ab947e1057c4211c9c
SHA256 c7fd72a0730b377c6da5ac80cdaf5f4cca84cc999a563a4c420fe5a8576810f8
SHA512 486b1d7ad7c3debcb8d70f9351adb08c8321c4cfb409a00ff818be1dacdc376a0eded630ccdc74aa99cc472589b88c9681989076fd78eb109759d33e7bf70543

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 a571a80e3e7f07d8d5318528ffcf057f
SHA1 e3ec23f4b500ff697f327a186c6b7a1d0203d242
SHA256 9bf99654183263090ac650e9f691e074a0de278848a0b618df2c074d9fac23e7
SHA512 70db57b8e9aafeaf7fb4e7c7bc4a7b91297b3e5ed7dbe683c63c8191bd98c0a92457d92ee4ee379eca4935c85362cbbfb1bc9fa4a00cc010afec40752d641be4

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d2e9d34c1637925fd78e8b50a4f99e08
SHA1 60d0305c28b552de164a3329773944b58997873b
SHA256 101fe0922aad00efb8c475d03b3fe59801ecfc7ee1db2f864f2ca59f9f6b76bd
SHA512 3db8c574d878194acf492f6df2b5c45e6c2babaa99d2a928c64433a24ec252d858a9273717617b5457d91c62b5cfb00c4b2195d45657bedcc1850745d5f17497

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

MD5 64e2bb67ea740860510dcc5c2b6ffa2d
SHA1 6c5996358264624cdb4a075acc4f0b46177cd259
SHA256 844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b
SHA512 ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462

C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg

MD5 5147cce789cd18ad6b2996eb89e5d866
SHA1 756f1fffe96ef581f0d4d47253523544c89a2622
SHA256 c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88
SHA512 55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6

C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll

MD5 27147e1e3faf9b5ccda882cd96f2a85c
SHA1 7103f60121727917f812bfc7cdff5347fc17cc8e
SHA256 500d359211ece211cf672de328345876f016fb4a476b2a03cbc3b8b89023ae1f
SHA512 0866c604911e243687e7fe721142eb882b19691c902736b59ba304933463d8c9154ecc319b91c9771cee8139e151cc2a2e960bc7a93ed97352cf5232a0964194

C:\Program Files (x86)\Java\jre7\bin\java.dll

MD5 a258a133f7d565600647a248ab95792c
SHA1 1c6a855ca1fc04413b906b0b17609eff38317161
SHA256 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af
SHA512 bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7

C:\Program Files (x86)\Java\jre7\bin\zip.dll

MD5 1ecf056944068b933ba71cda3edc4a68
SHA1 2052b2138db0d9a368942470b41bb6fc5b1d4007
SHA256 35ce7ab154a38e97951714e17f7689873d89e8c01188de6e5cd741bc0ca3e384
SHA512 cadf312841d392a9970cc068b72063e17454d5e6738b46ec9622257d9dfc0bcad0d9420352752bf7d8f8e8ceaf6aca97d83896f753dc12cfeac3e5efb5e1ab05

C:\Program Files (x86)\Java\jre7\lib\rt.jar

MD5 bac77d8d145bd553c7efdf7978d9dff0
SHA1 31da52beb0237a6ffd6ebc4a766d92f12a226fb6
SHA256 a85b24d93ceb6095691838dda51d31bc5e8dc94663514b46c48d7c41d351aad2
SHA512 2aabc1986338a68cdecf6d46afd6492a90940d9412bf8f7ad7c6183091403a784244ecf1007dc3875a892c0b1c2557f5de31f387011ca8db657f4367f5fc86ba

C:\Program Files (x86)\Java\jre7\lib\meta-index

MD5 8bff510abed2b6fcc5a83eedb65b1766
SHA1 ba6d0cd7504a5baeb963501b8bdf315ec6cb355c
SHA256 afb4850419612e0daf1876a5d61120ed0ccae241f188c25c014602007b3a765b
SHA512 8786bd672ce9c53f4c31f8206d621eb06ae7527f9adf3700955cc1cb928dde145b684666a5eb4ac11301541f585970ccd377ba144da351741e3cb5769b6ff522

C:\Program Files (x86)\Java\jre7\bin\verify.dll

MD5 cb89b1d71061f5ec52468528ecc0b1fc
SHA1 6feb23a8b5719c8997de92c7da644807fcba8819
SHA256 87d8d59972e73700507c07cee8750b0053c6a0899410338722a00c2803d39ee6
SHA512 2ff0ed38c7f28eb7ea16f24a0841dfb3306c4fec48ded5fddec8c3140f1a425433a444fe6b6cc4c17b3a39841c8ab0c23d7c9525c119c1b9d6daac2c17a4e4b0

C:\Program Files (x86)\Java\jre7\lib\classlist

MD5 1a0b7592ab9c12aff1191dfd225154ca
SHA1 3d3fb5f326f2caea866028558834ae684a2fe09f
SHA256 3837e95826d2273a54e3869efcad1521e000215428a2c7ee9397b650834ebaf1
SHA512 b2932400b6d8c72d344cb0592f121623dd848dcdd341248cf18cd55cd0c4fbd7f923057d022f89586ec6062299d756a37b3ff4308f10865de6ba68b2ee530fe9

C:\Program Files (x86)\Java\jre7\lib\charsets.jar

MD5 3f080df73b2d7cad61bddcf709aadc72
SHA1 616e9ec760722737f38213f43755131f836dd627
SHA256 dd213d0867714191e351f589dc709d6f3cafee819aafda8f8fe022d367ea189b
SHA512 733b65d3662f2eb9a8f64212e306d934929a05fd753040073f7e2769df77791c29aef9e35610b7b22597bbea6d805a8e04f93235fe761bf6bd5c5733c867025b

memory/3588-852-0x0000000000920000-0x0000000000921000-memory.dmp

C:\Program Files (x86)\Java\jre7\lib\images\cursors\invalid32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Program Files (x86)\Java\jre7\bin\wsdetect.dll

MD5 958bc8d82e4d0a5b51536bb4fc4fb6d6
SHA1 626312fa01c72ec5c85c9262ba0ae97a8b1f5b25
SHA256 2ef891881d506084ed182a0ac58b10dbe8c45877ef889ac9105f19431beee4ca
SHA512 fe17b58e3eed817619bebf6d091aee99fdc331c9c5a4163e9f5993b41b2e7362365da210e0636755ada6b8838012de1bc5435b8670aa12f378a3c9e3a9f5af04

C:\Program Files (x86)\Java\jre7\bin\WindowsAccessBridge-32.dll

MD5 1722510af00ea3c7406681b47bf442f7
SHA1 cafac266d52d78d3743c31ebef22a894781e0de5
SHA256 4010a3ec604a327861bedf01626c12eaded9d381b6e4f0e6f760895838834a21
SHA512 31a2ce3d5eb9828cbb82d2a7e29f2c5bf46528d38f25827329512cedde37bd03b3cfdba0aba3320b6c0e7779588958e83bff735f6059aad37172598e70e863eb

C:\Program Files (x86)\Java\jre7\bin\deploy.dll

MD5 87ec9d4a00d34eb6a0f8f92e1d1cc08e
SHA1 bee4ecae201905096dd44d1d348ecb3556d90832
SHA256 352707a271a9ab5d0e190a539b6468d6c6c5ce9675b300acf2305aa1f30625d8
SHA512 5b7f9866168ad7948a5a80078b14ff747201d17922ca907072a081e0078f6ac68446ddd36b027b4a17f5afa7d1bb4962642cff28cf66867171ebb78735f242d2

C:\Program Files (x86)\Java\jre7\lib\zi\MST

MD5 11f8e73ad57571383afa5eaf6bc0456a
SHA1 65a736dddd8e9a3f1dd6fbe999b188910b5f7931
SHA256 0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e
SHA512 578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

C:\Program Files (x86)\Java\jre7\lib\zi\HST

MD5 715dc3fcec7a4b845347b628caf46c84
SHA1 1b194cdd0a0dc5560680c33f19fc2e7c09523cd1
SHA256 3144bc5353ebbd941cdccbbd9f5fb5a06f38abf5cc7b672111705c9778412d08
SHA512 72ab4b4ad0990cce0723a882652bf4f37aac09b32a8dd33b56b1fbf25ac56ae054328909efd68c8243e54e449d845fb9d53dd95f47eaaf5873762fcd55a39662

C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+5

MD5 a2abe32f03e019dbd5c21e71cc0f0db9
SHA1 25b042eb931fff4e815adcc2ddce3636debf0ae1
SHA256 27ba8b5814833b1e8e8b5d08246b383cb8a5fb7e74e237cdbcadf320e882ab78
SHA512 197c065b9c17c6849a15f45ac69dafa68aaa0b792219fedb153d146f23997bfa4fbc4127b1d030a92a4d7103bded76a1389df715b9539ea23ea21e6a4bb65fb2

C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT

MD5 7da9aa0de33b521b3399a4ffd4078bdb
SHA1 f188a712f77103d544d4acf91d13dbc664c67034
SHA256 0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d
SHA512 9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

MD5 2b4493bb1f94580c41def972ea9a887e
SHA1 880ca8b20c6df9a6a176b91cc50304cb0fe66d06
SHA256 841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5
SHA512 b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

MD5 bc3a575dfb1a58d35e8617f2966bf1ea
SHA1 6353630f62e246d7f462134e8d10a7a42935e20f
SHA256 c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd
SHA512 c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514

memory/3868-1452-0x000000003A000000-0x000000003A010000-memory.dmp

memory/3868-1474-0x00000000013D0000-0x00000000013D1000-memory.dmp

C:\Config.Msi\e5793d7.rbs

MD5 1870db6a488ed938b223cadb2f2ea7a3
SHA1 686ba7ab7505c7ee4f77f1667abc8379101f6d30
SHA256 8ef9b8f00a5f5452a32b8b1efbd811c3a9324466888d501e9bda6471b88229ff
SHA512 176f5d05e50a5cfcd3b51d851715b1080e501799d3c25985bd512822affb979f0679fdafa9351d3df8a7c1d6ddc93ce2b1c1a28e2895e41b73b69006fd84ff9e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 eb7918e63edea4a549b02a0d4909f3b8
SHA1 8feba49a3f7145cd3e88f7f3917056be12d1c13e
SHA256 6859f20cd5d52993c5f0bf6bd6b143f61268ddd1f6262c5f0f5c9d2baa917ac9
SHA512 7b6805a8b1596d1bb31396329feb7d7354f180dd1b23baff78262d72540adedc3d4b6c75833eb8c62f31d5c463e253e6cc912df6eca7284911b7e6ca4af30ee1

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 60860c9e1c5d20b95dd2562d5f15af02
SHA1 cbc6aca10bc847b82e881f1ccf2f439206986cc4
SHA256 d78eb420ec85e8e6f5d0877a96e8728d9055cf0a970c255a6e36fe1d01225e3f
SHA512 e6c7fc3b233a7e80f0c5bf9efa111176153c128007bfdc11c88323b0b022a07a3dbc5581e4b3c05f58c6f70c00b8caf4fcfbc4311fa29d7419157915887cc638

memory/5316-1579-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

memory/5316-1587-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

memory/4536-1642-0x00000000011E0000-0x00000000011E1000-memory.dmp

memory/3680-1676-0x00000000008C0000-0x00000000008C1000-memory.dmp

memory/3680-1716-0x00000000008C0000-0x00000000008C1000-memory.dmp

memory/3680-1730-0x00000000008C0000-0x00000000008C1000-memory.dmp