Malware Analysis Report

2025-01-18 22:28

Sample ID 240504-lveahsdb33
Target .FizzyLoader.exe
SHA256 7fa82d63dabfa0284c6c897cb16195a715e0cbe1e794cf47106c796d27e0b634
Tags discovery adware persistence stealer
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 7fa82d63dabfa0284c6c897cb16195a715e0cbe1e794cf47106c796d27e0b634

Threat Level: Likely malicious

The file .FizzyLoader.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery adware persistence stealer

Downloads MZ/PE file

Executes dropped EXE

Registers COM server for autorun

Modifies file permissions

Loads dropped DLL

Installs/modifies Browser Helper Object

Enumerates connected drives

Adds Run key to start application

Blocklisted process makes network request

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy WMI provider

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-04 09:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-04 09:50

Reported 2024-05-04 09:56

Platform win10v2004-20240226-en

Max time kernel 233s

Max time network 300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe"

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe

"C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.74:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

memory/656-0-0x0000000000400000-0x0000000000457000-memory.dmp

memory/5092-3-0x00000284AEA30000-0x00000284AECA0000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 08db6f4073a58e21cbec8997955d8c81
SHA1 ebe12761c1d5c6d4f393997b15ea522ce8175961
SHA256 8925d60befb0662efbafb068e9d0841cb6543466488ff97d3b30b66236436903
SHA512 79065a24a7a50627ca16d6b615121327f9e13c2cb90e9535861d60c68e5a3808e1b39ebd5345ac048cfef8b5a09e8e8893e551d3b99fd1a2979c49e31afe00a4

memory/5092-13-0x00000284AEA10000-0x00000284AEA11000-memory.dmp

memory/5092-16-0x00000284AEA30000-0x00000284AECA0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-04 09:50

Reported 2024-05-04 09:56

Platform win7-20240221-en

Max time kernel 118s

Max time network 160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0110-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0092-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0151-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0204-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0224-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0288-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0351-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0310-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0199-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0144-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0294-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0186-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0191-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0047-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0172-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0197-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0122-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0329-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0259-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0133-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0370-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0236-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0281-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0186-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0096-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0234-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0105-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0322-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0072-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0368-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0394-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\meta-index C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\net.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javaws.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\management.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\awt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2native.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\installer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ssv.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\nio.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\java8path_target_259482453\java.exe C:\Program Files\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\decora_sse.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\eula.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzdb.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\jvm.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI4E36.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4F70.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f774a7e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f774a81.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5156.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5252.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a7b.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5591.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a78.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f774a78.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI502C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI51D4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4F01.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5496.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a7e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB12D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a83.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI52D0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5418.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f774a7b.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAF86.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB18C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI50B9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a7d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8ECB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f774a81.ipi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "276" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08444b3089eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420978151" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000003a5973efa365bcc3843674d7c6bb4acb8e55004a13ace8f6863d30f14acc7f98000000000e8000000002000020000000018e57c03d4af0f387983d39fae197cce020af54ec04667c60ff18b62bf759d22000000090fcf3c9c8d44d73fcd5df56683ae75ce6bdb676e1adbe5c723b1308f825cba240000000baf31ee0573bab3766cdc074bbe7dc503454c6f2060f7fd81789ae6a0f5dd33f8a191b25750230065fc9315fb33f49f0b6acc85e3a54e6f337dae20edd971d45 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259469817.tmp\jre-8u411-windows-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "276" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0073-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0347-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0093-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_93" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0133-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0280-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0409-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0409-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0334-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0245-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0371-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0304-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_304" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0237-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0360-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0150-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0411-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0224-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_224" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0151-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0163-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0205-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_205" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0232-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0059-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0113-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0048-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0183-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0380-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0156-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0203-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_203" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0363-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0223-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0177-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0186-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0292-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0138-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0122-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0314-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0295-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_88" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0231-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_231" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0044-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0377-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_08" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0093-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_93" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0406-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0124-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0234-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0343-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0200-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0118-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0340-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_340" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0387-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0340-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0082-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_82" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_67" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0183-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0273-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0389-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0153-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0055-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0358-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0168-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0147-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_63" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_125" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0209-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_366" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0157-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0101-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_51" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0157-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0232-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0292-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
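The CLSIDs in the rows above all belong to one family, {CAFEEFAC-MMMM-mmmm-UUUU-ABCDEFFEDCBx}, and the report's own values show what the three middle groups encode: {CAFEEFAC-0017-0000-0340-ABCDEFFEDCBA} is named "Java Plug-in 1.7.0_340" and {CAFEEFAC-0014-0002-0082-ABCDEFFEDCBB} "Java Plug-in 1.4.2_82". installer.exe writes them under HKLM\SOFTWARE\Classes and ssvagent.exe under the user's _CLASSES hive, with each InprocServer32 default pointing at jp2iexp.dll in the JRE installed under C:\Program Files\Java\jre-1.8. These are the registrations a Java Runtime installer performs; what makes them worth reading here is the chain that produced them (.FizzyLoader.exe opening http://java.com/download in iexplore.exe, and jre-8u411-windows-x64.exe running from Temp, both visible elsewhere in this report). The script below is an added example, not part of this report or of the sandbox's tooling: it parses rows in this flattened layout, decodes the Java version from each CLSID, and groups the writes by process and hive so a long table reduces to a summary an analyst can compare against the HKLM and HKCU COM registrations on a host. The five sample rows are copied from the table above; the row layout (action, key path, optional quoted value, process, target) is assumed from the rows shown.

```python
"""Decode and summarise Java Plug-in CLSID registrations from sandbox registry rows."""
import re
from collections import Counter, defaultdict

# Constructed sample: five rows copied from the registry-modification table above.
# Layout assumed from those rows: <action> <key path>[ = "<value>"] <process> N/A
SAMPLE_ROWS = r"""
Key deleted \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0340-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_340" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0340-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0082-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_82" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus C:\Program Files\Java\jre-1.8\installer.exe N/A
""".strip("\n")

ROW_RE = re.compile(
    r'^(?P<action>Key created|Key deleted|Set value \([a-z]+\)) '
    r'(?P<path>\\REGISTRY\\\S+)'
    r'(?: = "(?P<value>(?:[^"\\]|\\.)*)")?'
    r' (?P<process>[A-Za-z]:\\.+?) N/A$'
)

# Java Plug-in family CLSID: {CAFEEFAC-MMMM-mmmm-UUUU-ABCDEFFEDCB?}. The report's own
# rows show the decimal fields spell the version, e.g. 0017/0000/0340 -> 1.7.0_340.
JAVA_CLSID_RE = re.compile(
    r"\{CAFEEFAC-([0-9]{4})-([0-9]{4})-([0-9]{4})-ABCDEFFEDCB[A-C]\}", re.IGNORECASE
)
ANY_CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def decode_java_plugin_clsid(text):
    """Return the Java version encoded in a Java Plug-in CLSID, or None for any other GUID."""
    m = JAVA_CLSID_RE.search(text)
    if not m:
        return None
    major, minor, update = (int(g) for g in m.groups())
    return f"{major // 10}.{major % 10}.{minor}_{update}"


def hive_of(path):
    """Map the native \\REGISTRY\\... prefix to the HKLM / HKU\\<SID> view an analyst checks."""
    if path.startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM"
    m = re.match(r"\\REGISTRY\\USER\\(S-1-5-[0-9-]+)(_CLASSES)?\\", path)
    if m:
        return "HKU\\" + m.group(1) + (m.group(2) or "")
    return "?"


def summarize(rows_text):
    """Group rows by (writing process, hive): decoded Java versions, InprocServer32
    DLL targets, non-Java CLSIDs touched, and a count per action."""
    summary = defaultdict(lambda: {"versions": set(), "dlls": set(),
                                   "other_clsids": set(), "actions": Counter()})
    for line in rows_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        proc = m["process"].rsplit("\\", 1)[-1]
        entry = summary[(proc, hive_of(m["path"]))]
        entry["actions"][m["action"]] += 1
        version = decode_java_plugin_clsid(m["path"])
        if version:
            entry["versions"].add(version)
        else:
            clsid = ANY_CLSID_RE.search(m["path"])
            if clsid:
                entry["other_clsids"].add(clsid.group(0).upper())
        # The InprocServer32 default value is the DLL COM will load for that CLSID;
        # the report escapes backslashes in values, so undo that.
        if m["value"] and m["path"].rstrip("\\").lower().endswith("inprocserver32"):
            entry["dlls"].add(m["value"].replace("\\\\", "\\"))
    return dict(summary)


if __name__ == "__main__":
    for (proc, hive), e in summarize(SAMPLE_ROWS).items():
        print(f"{proc} -> {hive}: versions={sorted(e['versions'])} dlls={sorted(e['dlls'])} "
              f"other={sorted(e['other_clsids'])} actions={dict(e['actions'])}")
```

Run against the full table, the summary separates the HKLM registrations made by installer.exe from the per-user ones made by ssvagent.exe and lists every DLL an InprocServer32 default now points at; any DLL outside the JRE directory, or any CLSID that does not decode as a Java Plug-in version, is what deserves attention.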

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×64)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×58)
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259469817.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×32)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe C:\Program Files\Internet Explorer\iexplore.exe (×4)
PID 2372 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (×4)
PID 2928 wrote to memory of 1820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×3)
PID 2928 wrote to memory of 2456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×39)
PID 2928 wrote to memory of 2232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×3)
PID 2928 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×11)
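Each row above records one cross-process write, and the sandbox raises the same signature whether the write is a parent populating a freshly created child or an injection into a running process. The writer/target pairs line up with the launches listed under Processes: the 32-bit IEXPLORE.EXE child carries SCODEF:2372, the PID of the iexplore.exe that wrote to it, and chrome.exe PID 2928 writes only into other chrome.exe images whose command lines mark them as crashpad, GPU, utility and renderer helpers. The writes from .FizzyLoader.exe (PID 1700) into iexplore.exe (PID 2372) are the ones to review by hand; their count matches iexplore.exe's own four writes into its child, which is consistent with process creation, but the rows alone cannot prove that. The script below is an added example, not part of this report or of the sandbox's tooling: it collapses the repeated rows, rebuilds the writer/target tree, and flags cross-image writes that match neither a same-image helper spawn nor an IE frame-to-tab relationship. The sample rows are copied from the table above; the PID-to-command-line map is a constructed assumption, since the report lists command lines without PIDs.

```python
"""Rebuild the writer/target tree behind 'Suspicious use of WriteProcessMemory' rows."""
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the table above (the report repeats identical rows).
WPM_ROWS = r"""
PID 1700 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1700 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2928 wrote to memory of 1820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2928 wrote to memory of 2456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2928 wrote to memory of 2456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
""".strip("\n")

# Constructed assumption: the report's Processes section lists command lines without
# PIDs; these three are mapped to PIDs by hand (2608's SCODEF:2372 names its parent).
CMDLINES = {
    2372: r'"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download',
    2608: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2',
    2456: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US /prefetch:1',
}

WPM_ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.+?) (?P<dst_img>[A-Za-z]:\\.+)$"
)


def parse_wpm_rows(text):
    """Collapse repeated rows into {(writer_pid, target_pid): count} and record
    the image path the report gives for each PID."""
    writes, images = Counter(), {}
    for line in text.splitlines():
        m = WPM_ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        src, dst = int(m["src"]), int(m["dst"])
        writes[(src, dst)] += 1
        images[src], images[dst] = m["src_img"], m["dst_img"]
    return writes, images


def basename(path):
    return path.rsplit("\\", 1)[-1]


def classify_write(src, dst, images, cmdlines):
    """Label one writer->target edge; only the last label needs a human."""
    if f"SCODEF:{src}" in cmdlines.get(dst, ""):
        return "IE frame -> tab process (SCODEF names the writer as parent)"
    if basename(images[src]).lower() == basename(images[dst]).lower():
        return "same-image child (browser helper process)"
    return "cross-image write: review manually"


def process_tree(writes, images, cmdlines):
    """Render writer->target relationships as an indented tree, one line per PID."""
    children = defaultdict(list)
    for (src, dst), n in sorted(writes.items()):
        children[src].append((dst, n))
    targets = {dst for _, dst in writes}
    lines = []

    def walk(pid, depth, note):
        lines.append("  " * depth + f"{pid} {basename(images[pid])}{note}")
        for child, n in children[pid]:
            verdict = classify_write(pid, child, images, cmdlines)
            walk(child, depth + 1, f" [writes={n}; {verdict}]")

    # Roots are PIDs that were never written to: the sample itself and the browser it used.
    for root in sorted(pid for pid in images if pid not in targets):
        walk(root, 0, "")
    return lines


def sample_writes(writes, images, sample_exe):
    """(writer, target, count) for every cross-image write made by the submitted sample."""
    return sorted(
        (src, dst, n) for (src, dst), n in writes.items()
        if basename(images[src]).lower() == sample_exe.lower()
        and basename(images[dst]).lower() != sample_exe.lower()
    )


if __name__ == "__main__":
    w, imgs = parse_wpm_rows(WPM_ROWS)
    print("\n".join(process_tree(w, imgs, CMDLINES)))
    print("sample cross-image writes:", sample_writes(w, imgs, ".FizzyLoader.exe"))
```

The tree makes the triage question concrete: everything under PID 2928 is Chrome writing into its own helper processes, the iexplore.exe to IEXPLORE.EXE edge is explained by the child's SCODEF argument, and the single edge left over is the sample writing into the browser it launched, which is what the analyst should confirm in the memory dump rather than infer from the signature count.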

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe

"C:\Users\Admin\AppData\Local\Temp\.FizzyLoader.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6189758,0x7fef6189768,0x7fef6189778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1332 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1404 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3456 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2432 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1652 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2616 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4048 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4136 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1336,i,2993398184575385356,10876332314853053708,131072 /prefetch:8

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds259469817.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds259469817.tmp\jre-8u411-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 15DDD05999DE0F91BC49C4297DA8D00E

C:\Program Files\Java\jre-1.8\installer.exe

"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={77924AE4-039E-4CA4-87B4-2F64180411F0}

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma 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 -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding E9870771001B47B2DC6FA33851B6BB5E M Global\MSI0000

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A5510324248CC122B6ADC2540127DC15

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F846902947F51605D4A5C98517AA89C7 M Global\MSI0000

Network

Files

SHA1 41f6b2b3d719bc36743037ae2896c3d5674e8af7
SHA256 aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20
SHA512 1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

memory/1888-2485-0x0000000000140000-0x0000000000141000-memory.dmp

memory/1888-2498-0x0000000000140000-0x0000000000141000-memory.dmp

memory/1888-2514-0x0000000000140000-0x0000000000141000-memory.dmp

memory/1888-2515-0x0000000000140000-0x0000000000141000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 233f92b792fbe6f6a2fbfa9fc967d583
SHA1 2e37eb9b5ad676562a23298ac5abea167289b6ad
SHA256 d9d0a281622020285948eb764c9fde6f63fe0601de91f69b9944d4a9f3fa627b
SHA512 c5d8128015e7d68a8c54047ea2b961baeebd9e18f8dbe81b2fc8ea14d0f8cf6dc37bd1a93072affa80368333059e1055639c956be61f7eb969c6a5dfa9ae1f19

memory/1888-2544-0x0000000000140000-0x0000000000141000-memory.dmp

memory/548-2556-0x0000000000340000-0x0000000000341000-memory.dmp

memory/548-2567-0x0000000000340000-0x0000000000341000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 33dad3c36a4c191b5281fc66f2b83933
SHA1 c094ef4488167ff9874b75fcacb26ebfe9692371
SHA256 efa441b4e758e9c58d4c7b1a151fe742fe8e5304309abddfa2e7a2efb359eea6
SHA512 bdd092ad2788222c94d7b3fda8774776e20473e8350aa282501226a00717a5051c03af3334f78414eec4588127b11ebc9ae154483f0310af58c9e83e7743dae1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d171be7d-6a8c-4d57-91ec-9e75e600db57.tmp

MD5 efb983e928bf9027c058667091df358c
SHA1 fc2ab08bd6e5fffc04bbd3d3d0e9dd75fec44d7c
SHA256 08436c105c01f2237013998b9cb7c1bce26f36b3d9b362e8aad7428e393157b0
SHA512 13e7642748c4d3fa8552b8e48e43f88e6bcb0fc13eae39ef25425ba3a573d94ee93ce8872c9477edace78ebb2205816a534fbb704be6444efe05e823187350d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e05469660b783d937ba7d31ce9f3b74
SHA1 1bb6aea5520124f62e1fc226a851f7ef57d533ed
SHA256 e4327cbdb65128cb47d3a0b0b6f870ed1cbeb1748149b98a6a89016de057f770
SHA512 12854ade85e256221de3ed35864c97e3652efb823d54332a9d8de2cc7d9b26d5b30d985e557da5fdf752d0736765cc9feda06f24d232810497c02046dc02a23b

memory/548-2663-0x0000000000340000-0x0000000000341000-memory.dmp

memory/548-2687-0x0000000000340000-0x0000000000341000-memory.dmp

C:\Config.Msi\f774a7c.rbs

MD5 cff630cdf0f9869d361bc3cb44a42e00
SHA1 7c7557dc2be1e4e8bc67cd59022dc31babde0a01
SHA256 4c7e13f21a486ea025dc8def8cab0b73d7d7e4870318c6f4cca9dbcdafa0bdfa
SHA512 5b59d3c9dcc30a6f8552d26a900aba46bec45018fb9a01637b175df4abe3271d453446064841b4806cfc9714b3d6b8ee491c7473761f8814bad5952d610f1233

memory/1668-2753-0x000007FFFFF70000-0x000007FFFFF80000-memory.dmp

memory/2044-2866-0x0000000000330000-0x0000000000331000-memory.dmp

memory/2044-2869-0x0000000000330000-0x0000000000331000-memory.dmp

memory/2908-2880-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2908-2882-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\runtime[1]

MD5 0935b5761ecd6784de439e80ba9cd9c8
SHA1 e4e563094abbb9411439e598a2cf50746bbc99ab
SHA256 f68d13e9dfb62943ae7ba8c6ee8ba4453d611d6448440f4377a8dca35ab9fa3e
SHA512 b1e513cb442be4ccd3666f6ea6130a77bccf79176d4d2f56366d74220fc1b041aceab56570595b209375f5d7bcfb965a15a50c600228951f4b7d572d0ad90f47

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\host[1]

MD5 a752a4469ac0d91dd2cb1b766ba157de
SHA1 724ae6b6d6063306cc53b6ad07be6f88eaffbab3
SHA256 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3
SHA512 abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\l10n[1]

MD5 1fd5111b757493a27e697d57b351bb56
SHA1 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711
SHA256 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f
SHA512 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\layout[1]

MD5 cc86b13a186fa96dfc6480a8024d2275
SHA1 d892a7f06dc12a0f2996cc094e0730fe14caf51a
SHA256 fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058
SHA512 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\rtutils[1]

MD5 c0a4cebb2c15be8262bf11de37606e07
SHA1 cafc2ccb797df31eecd3ae7abd396567de8e736d
SHA256 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1
SHA512 cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\common[1]

MD5 f5bb484d82e7842a602337e34d11a8f6
SHA1 09ea1dee4b7c969771e97991c8f5826de637716f
SHA256 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a
SHA512 a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\masthead_left[1]

MD5 b663555027df2f807752987f002e52e7
SHA1 aef83d89f9c712a1cbf6f1cd98869822b73d08a6
SHA256 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879
SHA512 b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\masthead_fill[1]

MD5 91a7b390315635f033459904671c196d
SHA1 b996e96492a01e1b26eb62c17212e19f22b865f3
SHA256 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00
SHA512 b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

C:\Windows\Installer\f774a7e.msi

MD5 cccd2ea5e7d0865ce06c86e91304cb2f
SHA1 75e3026d4acc6513f6f629e497799612d59b3793
SHA256 4e26be8c53409ac2e5ca87b78a3ac458ffd4a31047bfa4bfac8f61608a82c7c5
SHA512 a86ceb4db4b36d2d0e5ff3f99b50c133207226e005be68cc5620c7baa9bd1a4e2bd1fa67192e74d8ab387b0e139497117220c19711aa5127f45b51b8ff1fab38

C:\Config.Msi\f774a82.rbs

MD5 5118208cb3ce4fc35b117dae97ffdd7e
SHA1 788edf65f2c014c747610f76bcc3c3c3f256cb56
SHA256 1c3136b105de73e2f195ead792fd2e217f20905ad483064e2e901cdf79293101
SHA512 4f88cb6cd70544553897eceab492312b10eb6e0bade570c29774a17b5fdcaf742587fe4cc8ff1fb7be4e1529ffe702a1c0f690e0b7bfc1b0a350a155190b26a5

C:\Users\Admin\AppData\Local\Temp\~DF41A93F5E36F717EC.TMP

MD5 dddf7e79162fb7ba7242aa6369d6669d
SHA1 aca203d7e225f5121044077b7a75aa14989d617a
SHA256 604407a9d928b86f283aa9b4d728554ddfe379d799c2def7125ad7ea53834162
SHA512 7bc38fcf1b8a559ceb0cec45c0a3accd7d50d6a01a233e27ab510064f3c787952fbe073f3af1ea15355acce806a84aa0ff5e8f1c7b067f8dfa5427274d587ed9