Malware Analysis Report

2024-07-28 05:17

Sample ID 240604-1jlb1sdb77
Target 965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118
SHA256 139ee6fc065e526efac3cf24d50d0d95c78e1a10ff2cf40839cd4756fff43e71
Tags
upx adware persistence stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

139ee6fc065e526efac3cf24d50d0d95c78e1a10ff2cf40839cd4756fff43e71

Threat Level: Likely malicious

The file 965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

upx adware persistence stealer

Downloads MZ/PE file

UPX packed file

Loads dropped DLL

Registers COM server for autorun

Checks computer location settings

Executes dropped EXE

Enumerates connected drives

Adds Run key to start application

Installs/modifies Browser Helper Object

Blocklisted process makes network request

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-04 21:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 21:40

Reported

2024-06-04 21:43

Platform

win7-20240508-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaw.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaws.exe C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre7\lib\accessibility.properties C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\deploy\splash.gif C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\San_Juan C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Ojinaga C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Sitka C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Vancouver C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Troll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Bermuda C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\cmm\GRAY.pf C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Yellowknife C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Damascus C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+6 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\npoji610.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\security\blacklist C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Tell_City C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh89 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Vienna C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\dt_socket.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpiexp.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\plugin.pack C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\security\javaws.policy C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Godthab C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\New_Salem C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Brunei C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Faroe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Niue C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\JavaAccessBridge-32.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\fontconfig.properties.src C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Jujuy C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Chihuahua C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Petersburg C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Swift_Current C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Gaza C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-7 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Mauritius C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpicom.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\resources.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Belize C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Boa_Vista C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+9 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\WindowsAccessBridge-32.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Paramaribo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Pyongyang C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Zaporozhye C:\Windows\syswow64\MsiExec.exe N/A
File created C:\PROGRA~2\Zona\License_uk.rtf C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jawt.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\t2k.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightRegular.ttf C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Hermosillo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Porto_Velho C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Thimphu C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Chuuk C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\deploy\messages_es.properties C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\deploy.pack C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Algiers C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Brisbane C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\ktab.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Omsk C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Uzhgorod C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Kerguelen C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\deploy\messages_pt_BR.properties C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Noronha C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Sydney C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f76b812.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76b814.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID82A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBE0D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76b80e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76b80c.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76b80f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID5C5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID76B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD12.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76b80c.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76b80f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC188.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76b812.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76b809.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76b809.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "14208544" C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_26" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_58" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_85" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_66" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_09" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_01" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_05" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_04" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_47" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_56" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_33" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_13" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_62" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_63" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_35" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_08" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_08" C:\Windows\syswow64\MsiExec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [binary data omitted] C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2036 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2036 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2036 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2036 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 2620 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 816 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 1268 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 264 wrote to memory of 2184 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2184 wrote to memory of 1932 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1932 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1932 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1932 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1936 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1936 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1936 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1936 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2988 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2988 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2988 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2988 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2120 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2120 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2120 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2120 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1604 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1604 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1604 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1604 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1752 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1752 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1752 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 1752 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 2184 wrote to memory of 2600 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

Processes

C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe

"C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E9D7B25CB6F3A77151C25ED0B6AA4DA0

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C1297603A4A320DCC1FC0E50D9CF96CE M Global\MSI0000

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\AU\au.msi" ALLUSERS=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 24DFF4A8F891D56024538EDF1BDBA581

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_80-b15

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\18467Zona.7z" "C:\PROGRA~2\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_core_-449582356.log"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\6334appdata.7z" "C:\Users\Admin\AppData\Roaming\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_plugin_-449581202.log"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\Zona.jar" org.gudy.azureus2.core3.util.Constants
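
The jp2launcher.exe entry above hides its real arguments in the two base64 blobs: javaws hands the launcher its JVM options as -vma and the application arguments as -ma, each encoded as NUL-separated strings, so the command line as printed says nothing about what the spawned JVM was allowed to do. The following is an added Python example, not part of the sandbox report, that decodes both blobs and pulls out the security-relevant JVM options. The blob values are copied verbatim from the command line above (split across lines only for readability); the function names are this example's own.

```python
import base64

# -vma and -ma payloads exactly as printed in the jp2launcher.exe command line above
# (sandbox data, not constructed; concatenation is purely cosmetic).
VMA_BLOB = (
    "LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xsaWJcZGVwbG95LmphcgAt"
    "RGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTdc"
    "bGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3Rl"
    "AC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW4ALURqYXZhLnNl"
    "Y3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFBy"
    "b2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmU3XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMg"
    "KHg4NilcSmF2YVxqcmU3XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxq"
    "cmU3XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQ"
    "cm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlN1xiaW5camF2YXcuZXhl"
)
MA_BLOB = "LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ=="
JP2LAUNCHER_CMDLINE = (
    '"C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe" -secure -javaws '
    '-jre "C:\\Program Files (x86)\\Java\\jre7" -vma ' + VMA_BLOB + " -ma " + MA_BLOB
)


def decode_launcher_args(blob):
    """jp2launcher carries argument lists as base64 over NUL-separated UTF-8 strings."""
    padded = blob + "=" * (-len(blob) % 4)  # tolerate blobs whose '=' padding was trimmed
    return [part.decode("utf-8") for part in base64.b64decode(padded).split(b"\x00") if part]


def extract_launcher_args(cmdline):
    """Return {'vm': JVM options, 'app': application arguments} from a jp2launcher command line."""
    tokens = cmdline.split()  # the blobs never contain spaces, so a plain split is enough here
    result = {"vm": [], "app": []}
    for flag, key in (("-vma", "vm"), ("-ma", "app")):
        if flag in tokens:
            result[key] = decode_launcher_args(tokens[tokens.index(flag) + 1])
    return result


def jvm_security_summary(vm_args):
    """Pull out the options that decide what the spawned JVM may do and what it loads first."""
    summary = {
        "security_manager": "-Djava.security.manager" in vm_args,
        "policy_file": None,
        "verify": None,
        "boot_classpath_jars": [],
    }
    for arg in vm_args:
        if arg.startswith("-Djava.security.policy="):
            summary["policy_file"] = arg.split("=", 1)[1]
        elif arg.startswith("-Xverify:"):
            summary["verify"] = arg.split(":", 1)[1]
        elif arg.startswith("-Xbootclasspath/a:"):
            # jars appended to the boot class path load before anything on the normal classpath
            summary["boot_classpath_jars"] = arg[len("-Xbootclasspath/a:"):].split(";")
    return summary


if __name__ == "__main__":
    args = extract_launcher_args(JP2LAUNCHER_CMDLINE)
    for a in args["vm"]:
        print("vm :", a)
    for a in args["app"]:
        print("app:", a)
    print(jvm_security_summary(args["vm"]))
```

For the command line above, the application arguments decode to -fix -permissions -silent -notWebJava, the same switches as the javaws.exe launch that precedes it, and the JVM options show a security manager with the JRE's own javaws.policy, remote-only bytecode verification, and javaws.jar, deploy.jar and plugin.jar appended to the boot class path. That is the stock javaws "fix permissions" step of a JRE install, which is the check a practitioner wants before treating a jp2launcher process tree as suspicious on its own.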

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 i3.x8.net udp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 dl.zona.ru udp
RU 46.254.16.107:80 dl.zona.ru tcp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
DE 23.56.205.197:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
BE 104.117.77.75:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 2.22.96.153:80 javadl.oracle.com tcp
GB 2.22.96.153:443 javadl.oracle.com tcp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
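
The table above mixes two kinds of rows. The udp/53 rows are the sandbox's queries to its resolver, so their IP and country (US, 8.8.8.8) describe the resolver rather than the domain being looked up; only the tcp rows record where the sample actually connected. The following is an added Python example, not part of the report, that parses the rows exactly as copied above, separates lookups from connections, and leaves the hosts worth turning into indicators. The vendor suffix list is an analyst assumption made for this example: hosts under oracle.com, sun.com and java.com are the bundled JRE installer's own download and telemetry traffic and are excluded from the candidate list.

```python
from collections import defaultdict

# Rows copied from the behavioral1 Network table above: Country Destination Domain Proto.
NETWORK_ROWS = """\
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 i3.x8.net udp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 dl.zona.ru udp
RU 46.254.16.107:80 dl.zona.ru tcp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
DE 23.56.205.197:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
BE 104.117.77.75:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 2.22.96.153:80 javadl.oracle.com tcp
GB 2.22.96.153:443 javadl.oracle.com tcp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
"""

# Analyst allowlist (assumption for this example, not from the report): traffic generated by
# the JRE installer chain rather than by the sample's own components.
VENDOR_SUFFIXES = (".oracle.com", ".sun.com", ".java.com")


def parse_rows(text):
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_dns_lookup(row):
    # udp/53 rows are resolver queries; ip/country belong to the resolver, not the domain
    return row["proto"] == "udp" and row["port"] == 53


def summarize(rows):
    """Per domain: was it resolved, which (ip, port, proto) it was connected to, how often."""
    summary = defaultdict(lambda: {"resolved": False, "connections": set(), "hits": 0, "countries": set()})
    resolvers = set()
    for r in rows:
        entry = summary[r["domain"]]
        if is_dns_lookup(r):
            entry["resolved"] = True
            resolvers.add(r["ip"])
        else:
            entry["connections"].add((r["ip"], r["port"], r["proto"]))
            entry["countries"].add(r["country"])
            entry["hits"] += 1
    return dict(summary), resolvers


def candidate_iocs(summary):
    """Domains that received a real connection and are not on the vendor allowlist."""
    return sorted(d for d, e in summary.items() if e["connections"] and not d.endswith(VENDOR_SUFFIXES))


def ioc_ips(summary):
    return sorted({ip for d in candidate_iocs(summary) for ip, _, _ in summary[d]["connections"]})


if __name__ == "__main__":
    summary, resolvers = summarize(parse_rows(NETWORK_ROWS))
    print("resolver(s):", sorted(resolvers))
    for d in candidate_iocs(summary):
        e = summary[d]
        print(f"{d}: {sorted(e['connections'])} hits={e['hits']} geo={sorted(e['countries'])}")
    only_resolved = [d for d, e in summary.items() if e["resolved"] and not e["connections"]]
    print("resolved but never connected:", only_resolved)
```

On these rows the candidates reduce to i3.x8.net (178.218.223.40:80, contacted three times) and dl.zona.ru (46.254.16.107:80), both geolocated to RU by the tcp rows; stat.miniload.org was resolved but never connected to inside the analysis window, which is worth keeping as a weak indicator rather than dropping.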

Files

memory/2036-0-0x00000000001F0000-0x000000000027C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 3019bfeb6ca21d834c5d32ee3a68d67a
SHA1 45848146ea08906bf1134c4abd022e8edaf0e64c
SHA256 216b04eeb7eb7b2d2e176555d7db8f871310f0f4ad41e59915919dad371f2338
SHA512 4c5ec5486bfc6ebae3306f3a54dbbd4bfd73f92e3a02a35379743884f1e80a8db8a358e13bcef68c35c3fcc4b233967f8051952f00cbad32a1414b64657c11ff

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 95d8622cb8d4e4dca8c561459e27f02b
SHA1 4dfc8ee2e95fd062db5d23649a54ed190ab46455
SHA256 b3a24f7d0f08b3a53ad2da21314aa6a16783144e7a69d687b81149211f379f4c
SHA512 65d666d4a98ac46d29ee101ea5b52ec972659e1e3ed0ae224d2f22a732135b054727c5d99e63787a3905ab41d6aa92ccfdef15161f8385246407befc5ab62a32

C:\Users\Admin\AppData\Local\Temp\hd.vbs

MD5 d8682d715a652f994dca50509fd09669
SHA1 bb03cf242964028b5d9183812ed8b04de9d55c6e
SHA256 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba
SHA512 eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

memory/2036-38-0x00000000035A0000-0x000000000362C000-memory.dmp

memory/2620-41-0x00000000001F0000-0x000000000027C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 222aa93403e2a76154c8cdc34563bc6a
SHA1 8270bb68ee7f570e9c4770a4a74e56ce51d8de12
SHA256 5170c3162903088c0cbfa7d1b3c552f278edd803274b121817d162ffe95982b0
SHA512 c4ef02c88caa41b1a88c2620137f95f76964657de1b4fd4c719f86254f2a60b7ebbf934cc469fb868bebfa2c06b102c87cdb5c2dc408860aae438a999beb44bf

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 e4f663c3212b641fabdf0da60fe6931d
SHA1 caf912aefd58944585fc793758e94daddef2f640
SHA256 208d567c9808690cd213b531ae0cc4216dd89fd6a6f094c607da07ab299aec38
SHA512 b4deedd0f5d4df2c4228220d809016067ed5e45b2d07d6dcf7174d89f631355c668ad10cce4a690500213b40e7c886d18dc1534fce89abd3493eb6df64e0c70d

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 c155f9fbc28b351c63694b1a454a1df7
SHA1 319cbc47f723ed73ed8440e18eab44a7700d1f83
SHA256 6679afa2aecec86e2b1134d5496aca014d7a26049194b6dfd1d61d49f2f44be4
SHA512 939c36197fe800edaeee41c6475866eb037cb1dc2f438511a0a388250a9e6dfe9cbeebda18095c917ffc46fe7d5525d8a9cbe1c16e10ee4268857e198fd5a7d1

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 fb1712235d9c69f672919cb7697bfe61
SHA1 cf7a8a6cb4745255e61e397881c6ad076a2624bb
SHA256 a44eda36c579c95dbcad9ec6b887db7bc38ff6b73aa1172cfd86758302b96bef
SHA512 a48f0829c9f1a2400ad336290f124e2dc848ced56fe1f2289d485882521afa77d96ae79db570963aaddcc65d7c605522451486cc02312cfb12cc208f3c800540

memory/2036-80-0x00000000001F0000-0x000000000027C000-memory.dmp

memory/2620-81-0x00000000001F0000-0x000000000027C000-memory.dmp

memory/2036-88-0x00000000035A0000-0x000000000362C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 faa8123df5a28e60bb4a7a3eacef3b5f
SHA1 f9830f0bd57306472df3ea66aa6eb126cc2eb41d
SHA256 ae6fbb8dc2f0f3bfae7101a42396bea208a532fbc1947feb1e83851f7b0398ad
SHA512 9706376947311efb30068bdce8df06aa755032ca194d45ab3eafe639efbbb0ee8b671aad7988b2e610320997f23cc3ba31789e6e5a6597b558e95dc1863169ed

\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe

MD5 f2fd417b6d5c7ffc501c7632cc811c3e
SHA1 305c1493fca53ab63ba1686c9afdfb65142e59d3
SHA256 a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9
SHA512 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 67f25f53f289227f2c126f16fdee4606
SHA1 2a2ff91097d74ce72a9916c1953ae19598b47a62
SHA256 ccf06d7a642d13d662b6c609228a9d7d0f0e8b8890235b97769f226b814e9d97
SHA512 8aadf8b90b73a5869021405e11583457c609c27df4cfb3f22a30b383220e78942d0d126b7d93595b7f65c62e3b8c5eae8c86c9799e060d39abfef2ec459e867f

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi

MD5 e24d9b483ce7a3a6a4406111883457f7
SHA1 0d5efff0d110c48f5e6f5d438967427f1e2dbf84
SHA256 dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c
SHA512 b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17171f985f70ddec5b0a28d815aaee39
SHA1 11c9835f5f361bb14506af94724e2398934a1955
SHA256 2cc2d4a1b971df57b83bf8dd55a37d9217b76dcb55de60807c90591a42330ebe
SHA512 2732b759ebe5791d7e79e94fcaafcdcb207636d556922eac6138f9cac9c579e18ad98c304e157f08b1bb1f77251781d4b1df240ed029599ed3ff72932228dd5e

C:\Users\Admin\AppData\Local\Temp\CabB8A5.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarBA51.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Windows\Installer\MSIBD12.tmp

MD5 9f84d910602183954bed6d9660600783
SHA1 82e3b122dc63e0a333bca531dd16667d5fafbf23
SHA256 bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e
SHA512 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 b839e251dabd87499a7b7adb2e0f7138
SHA1 9586549fd057eea195b23123a4a978a2c908977d
SHA256 07b873d86b17f179340b0c66dda7bbbe88d7dfd34e54f8a604323bcbd451e5f0
SHA512 5b9234c76387649dab686d772e30a255e9de78648d661cc2ab17c37dac1ed31700cdeed40796bc789b35fc333294ec747c8915df968249f83bbd6e241d9c53eb

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab

MD5 003a488a2139105704566b47eb29520d
SHA1 52d672a592cd52ad5e2e7239421f2659e0d17afa
SHA256 a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67
SHA512 ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de

\Program Files (x86)\Java\jre7\bin\unpack200.exe

MD5 0d46182b6134aa9c7acd16133d67e4c3
SHA1 7b5be3d65e5e744723bf55a08f9dc1042585d5eb
SHA256 c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc
SHA512 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b

C:\Program Files (x86)\Java\jre7\bin\MSVCR100.dll

MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

C:\Program Files (x86)\Java\jre7\lib\rt.pack

MD5 b6d75e8c90c79af1579769f10b1e5c88
SHA1 146cb3f05fa161885e8faf079fa2bbd89b5c5b18
SHA256 82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e
SHA512 02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 6a86e8d216a77baa9084e18e231204a6
SHA1 6c1e488a58c0776519fb5eb4161d0f929aecb188
SHA256 49c96e06d4d875bd04d6dba41567347e0ca43f712b54dfcb240bbf8da12506d3
SHA512 6c4dddca4bcad858ff042a9f15da6226cf8c4a7c84215a1cba8b6625ef192d74451fb11a9ceb6c5a6450b71fec24c69d404505717c008c9009ca8e0a8a57c37e

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 5da1b3686b8239c4278b11288b0b441d
SHA1 fde3ebc5be1347693b9a66877f78d40929383ff8
SHA256 c2e1e432f32ceaef9be282ed1216275604f03a9fc514781161eaa89c32046f56
SHA512 a5a118bc340169f36c7b69a1d5e20b23be6132be6926664d67839357c40ac7a9337014a9aa570b72f3f3ce816a3b003915516effb764ac00f3959a75a9d05b1d

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 b8fb107bd13db98220f268c8934f9966
SHA1 9ae449edd077dbe9fc765619a318359a03284b18
SHA256 54319cb0aa82dc67dffada8af6e5fdb235b0c27575f4c7ddfe7a6f834243d3eb
SHA512 af996421da8f6655c62693db73770777b981334e368c0a288b8e7ba5dc20577adc7605336cb0a1d65ae41f0e4cae09e572ccf657c9c35aed679b0ccf17e1941d

C:\Program Files (x86)\Java\jre7\lib\charsets.pack

MD5 549bbcd204914b543dafee670f110834
SHA1 012461935191a55482e8c3d453d245e965a10a2a
SHA256 8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02
SHA512 b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 a4a7a1bb494c3808f6c61b7a016b0e1b
SHA1 78c93a6cb226ae9fec29eb5727737b88457c09ad
SHA256 415da94b6e737947ad017a683a71fa1ab41229ae062f46e18ad8b427dc63b6b9
SHA512 9cf5f993f137024edfe2c35186beaffd891cfc8122d527a95cc42eb098026766ae35f2c53625f50b4821f54b055f21dbe99e6da3dc4c08ffa49419b58553be93

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 a256804cf7979b72a2e05766cdc6e6a4
SHA1 7318c80b4ff40c397a27cd2fce6c157bea503be6
SHA256 0ce92642049b8d6cd1925f5697eb4fd699594fc329d590fb482f9430a449c4a5
SHA512 8c8fd367f8e990ae1d291b66ae34efd76dc547e53d3e80b334ce00fc05a703c9a4316025426363106f614ecf64567bb98b918ab019ed084ba47e06f634c397f8

C:\Program Files (x86)\Java\jre7\lib\deploy.pack

MD5 b2a448112b7c886ccce9b6a3d5efd8a0
SHA1 660bc9efe960015b208a421b1a63443e7151024f
SHA256 928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca
SHA512 871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 95b6db47d83e1c43fe0a6dfa89b6cf4c
SHA1 ce67c5f379dca2775815dba04875bee40dcc8c14
SHA256 c3fccdfe60a45a816f9389a8ed5678862bb151d10d58d5ed7275a7d0e3714388
SHA512 4c9df5f9d618bb0d6827ff187b0f7ba1bc7b17fb34635a84a37353837b5afc6c0c4ff0c913608edb6ec478c540d79084fe2aaa15f45628ab4a53938a223dbbe6

C:\Program Files (x86)\Java\jre7\lib\javaws.pack

MD5 491bce42c6cd8af88a2e11f37711ed4f
SHA1 3de7c18fee44465a6afe34e068f2a64dea9fa324
SHA256 ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2
SHA512 1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4

C:\Program Files (x86)\Java\jre7\lib\plugin.pack

MD5 47d6cfa1b01a6d41885504bbc3b1919a
SHA1 3838060f9d530c972d65f36fa38b265120a218aa
SHA256 93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5
SHA512 b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 b0949b14d1ae9196d12eaccaa0b62107
SHA1 4acd9a8d1411037d73667808f243572d2239c436
SHA256 295f8c8bb8e6a16f72874ca3bffdf21b7f4050cdab3bdc1bf055f6a86ce3ea95
SHA512 b25bcaa9dcb3491a98c799d3281fc88988fec2d6a50c2c127c89a5fea789ec657ab3da53ce54b3f1dd40d33c7f415935bc57b101c23b07d7298864c9047cc906

C:\Program Files (x86)\Java\jre7\lib\jsse.pack

MD5 31b4d9c29d29567b0ae3037fac9fbdc6
SHA1 8b5d1b1a309177466d71a742414d441f600ea38e
SHA256 9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb
SHA512 b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 5b2120b15b094ab218e799bfff61dc14
SHA1 e28431d7b6e4b553a5d1d16ec3b8f97e4c99e3e9
SHA256 890825362b7fc3c0d04d28220a0448db13ed45caf20fb07e24cad7cfc89b8af5
SHA512 9e7938223631f324d5b7729f0957a9369d864df6d1ef8075419c626b5873e81a39775cb6a2e1a08d8da66b3f444f2eb6699c6b9dee076fdb2a8feacc590eb49b

C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack

MD5 c8dc1cfeaf0fefc39ed0f1de4eaa175c
SHA1 11cacbb9e5724d37789455de37a225d8e0c648a1
SHA256 da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f
SHA512 6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 2b86d39053fc6e56bd766e03b26a52c0
SHA1 ef3dc18b0959019ac4501feb955921fb0053907f
SHA256 a0c4e58373a32071c13ea9d822f62773b50746a310cd371e425a2156963e0548
SHA512 b156b87ba767de35d4be1738eebd393fc584c2294f529834f20d63d5179c6b198925c68b94af63243bc667fd5f87792886af2225c1f3d7933e311b75ad1bc173

C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack

MD5 dfaa6429468d56ef77932cf26a495f75
SHA1 8a21a29225640f1829ae328a24ef9cb5e215a4e0
SHA256 8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed
SHA512 6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 84c27ced6cc0251cd34714e71e48a140
SHA1 6e32ac3ed6f877e45a116f774b96918e930ba0ec
SHA256 0c87510669db441fb18ab701f020065edfb5701272555e7445a3a2698be815b6
SHA512 f1579dc5aebbe3ae6c87c89b0a5b444376c64515eaef2a719120f4c4cfeb930388fd97ff44f2dae65a59bf0e197fcd206d86765e5384045c8f65b9d1e7c15fc0

\Program Files (x86)\Java\jre7\bin\javaw.exe

MD5 64e2bb67ea740860510dcc5c2b6ffa2d
SHA1 6c5996358264624cdb4a075acc4f0b46177cd259
SHA256 844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b
SHA512 ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462

\Program Files (x86)\Java\jre7\bin\java.dll

MD5 a258a133f7d565600647a248ab95792c
SHA1 1c6a855ca1fc04413b906b0b17609eff38317161
SHA256 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af
SHA512 bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7

\Program Files (x86)\Java\jre7\bin\jpishare.dll

MD5 4cf2dff54d2e12e3ab637fcafa7d4c9d
SHA1 dcbd0a027b8017ac396741698dfc3b3f4d1b4c39
SHA256 8ff2bc130db2f1fef2e6470adb58bcdba1d2133f9ad21ebd7d80fedd3e537e21
SHA512 a206001ceaed2df91428f1b7094246e4e7318bf4e7b19c475d4887b5eae49714ff7fa3cfab4133004a51280cf36549b73eecc87428b0b38294297545e9493e67

C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg

MD5 5147cce789cd18ad6b2996eb89e5d866
SHA1 756f1fffe96ef581f0d4d47253523544c89a2622
SHA256 c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88
SHA512 55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6

memory/2764-946-0x0000000000380000-0x0000000000381000-memory.dmp

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

MD5 bc3a575dfb1a58d35e8617f2966bf1ea
SHA1 6353630f62e246d7f462134e8d10a7a42935e20f
SHA256 c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd
SHA512 c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

MD5 2b4493bb1f94580c41def972ea9a887e
SHA1 880ca8b20c6df9a6a176b91cc50304cb0fe66d06
SHA256 841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5
SHA512 b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e

memory/2760-970-0x0000000039E00000-0x0000000039E10000-memory.dmp

memory/2760-992-0x0000000000140000-0x0000000000141000-memory.dmp

C:\Config.Msi\f76b80d.rbs

MD5 d857a7e4f5396455f5cfc6876ce72cbd
SHA1 9a36678c871608e34b38f21596a35847e25fc40f
SHA256 84d0378c45f75a5708abb366ff869102fcf0b1c4e19076472f412745e08f9a64
SHA512 f66162e92c5f94887b3b533a87b342d3509a0c60ff9820051ac41be4fe9099456049f491c04154eb97220ca7a1365b283eccaad8c924a762330e1b44ad44b5ea

memory/308-1014-0x0000000000320000-0x000000000032A000-memory.dmp

memory/308-1013-0x0000000000320000-0x000000000032A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 d3ec4267cb2f1bd30ec52ed612cefc84
SHA1 831dfa5d3a911ccba82bf964258f79055837bce0
SHA256 c972e49a8df6b9eaee83991b7ad9419dd62540c02241b7acd52f832651e28a16
SHA512 55a760ed122a7310581986cb32dfc03e12bcf606158f16a8f5b2f3e2bf7e58dba8da9ebff74cdbedd067248d69ff6e591b284dfbb7db47b152b87f881adf87df

C:\Config.Msi\f76b813.rbs

MD5 783df9c0549f65023725f8db055db804
SHA1 9c08d29e53e51b0a94b2322c5620508ca8eec0a4
SHA256 1e5431cab5a9442d48e47201f16118e7072906f7f82f758fc0464502e80d4ab5
SHA512 50f5265db66049eaadc97f01b32e29d8651f51d525e2ef3ae9122cf53b582cc743f247562cae80943e1f0cbfcdf527b7ed07bfe5312c70721bc0c9a66ca6a94c

C:\Windows\Installer\f76b80f.msi

MD5 55d7e66e49c3994eb5e1004a5efd22b1
SHA1 aa8a045dc0c161e95804f76efe27f1f572072fa8
SHA256 0a833d92b4d4aa068b0cb256b87c0d3495c3cc4a021be86c072095fee467b379
SHA512 2492ca442c4f6aab1f085a54bbbc1a95b836f033f1c8748fa6c3873997a397020baedfc1f661d751afe30ade3ab14b66a676a4731696b6c90c5c3adfa6c2bd2b

memory/308-1104-0x0000000000190000-0x0000000000191000-memory.dmp

memory/2876-1148-0x0000000000190000-0x0000000000191000-memory.dmp

memory/308-1158-0x0000000000190000-0x0000000000191000-memory.dmp

memory/2036-1159-0x00000000001F0000-0x000000000027C000-memory.dmp

memory/1084-1206-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/1084-1208-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/1964-1244-0x0000000000150000-0x0000000000151000-memory.dmp

memory/1964-1248-0x0000000000150000-0x0000000000151000-memory.dmp

memory/1712-1279-0x0000000000180000-0x0000000000181000-memory.dmp

memory/2036-1286-0x00000000001F0000-0x000000000027C000-memory.dmp
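
The Files list above interleaves memory dumps (memory/PID-seq-start-end-memory.dmp, no hashes) with dropped files, and it lists ZonaInstall.log eight times because the installer kept rewriting it, so every version received its own set of digests. The following is an added Python example, not part of the report, that parses an excerpt of the list copied from above, separates rewritten logs from the hashes worth hunting on, and groups the dumped regions by address range. The parser's names and the rule that ".log" paths are volatile are this example's own choices.

```python
import re
from collections import defaultdict

# Excerpt of the Files list above, paths and digests exactly as the sandbox printed them
# (including the drive-less 41javaSetup.exe path).
FILES_SECTION = r"""
memory/2036-0-0x00000000001F0000-0x000000000027C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 3019bfeb6ca21d834c5d32ee3a68d67a
SHA1 45848146ea08906bf1134c4abd022e8edaf0e64c
SHA256 216b04eeb7eb7b2d2e176555d7db8f871310f0f4ad41e59915919dad371f2338
SHA512 4c5ec5486bfc6ebae3306f3a54dbbd4bfd73f92e3a02a35379743884f1e80a8db8a358e13bcef68c35c3fcc4b233967f8051952f00cbad32a1414b64657c11ff

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 95d8622cb8d4e4dca8c561459e27f02b
SHA1 4dfc8ee2e95fd062db5d23649a54ed190ab46455
SHA256 b3a24f7d0f08b3a53ad2da21314aa6a16783144e7a69d687b81149211f379f4c
SHA512 65d666d4a98ac46d29ee101ea5b52ec972659e1e3ed0ae224d2f22a732135b054727c5d99e63787a3905ab41d6aa92ccfdef15161f8385246407befc5ab62a32

C:\Users\Admin\AppData\Local\Temp\hd.vbs

MD5 d8682d715a652f994dca50509fd09669
SHA1 bb03cf242964028b5d9183812ed8b04de9d55c6e
SHA256 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba
SHA512 eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

memory/2036-38-0x00000000035A0000-0x000000000362C000-memory.dmp

memory/2620-41-0x00000000001F0000-0x000000000027C000-memory.dmp

\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe

MD5 f2fd417b6d5c7ffc501c7632cc811c3e
SHA1 305c1493fca53ab63ba1686c9afdfb65142e59d3
SHA256 a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9
SHA512 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b
"""

MEMORY_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")


def parse_files_section(text):
    """Return (files, dumps): files are {path, md5, sha1, ...}; dumps are decoded memory regions."""
    files, dumps, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MEMORY_RE.match(line)
        if m:
            start, end = int(m[3], 16), int(m[4], 16)
            dumps.append({"pid": int(m[1]), "seq": int(m[2]), "start": start, "end": end, "size": end - start})
            current = None
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and current is not None:
            current[algo.lower()] = digest.lower()  # digest line belongs to the path above it
        else:
            current = {"path": line}
            files.append(current)
    return files, dumps


def versions_by_path(files):
    """Every SHA256 seen per path, in report order; many entries for one path means it was rewritten."""
    versions = defaultdict(list)
    for f in files:
        if "sha256" in f:
            versions[f["path"]].append(f["sha256"])
    return dict(versions)


def hunting_hashes(files, volatile_suffixes=(".log",)):
    """Unique SHA256s worth hunting on: dropped scripts and binaries, not installer logs."""
    return sorted({f["sha256"] for f in files
                   if "sha256" in f and not f["path"].lower().endswith(volatile_suffixes)})


def dump_regions(dumps):
    """Group dumped regions by (start, end); the same range in two PIDs is worth diffing."""
    regions = defaultdict(set)
    for d in dumps:
        regions[(d["start"], d["end"])].add(d["pid"])
    return dict(regions)


if __name__ == "__main__":
    files, dumps = parse_files_section(FILES_SECTION)
    for path, shas in versions_by_path(files).items():
        print(f"{len(shas)} version(s): {path}")
    print("hunt on:", hunting_hashes(files))
    for (start, end), pids in dump_regions(dumps).items():
        print(f"0x{start:08X}-0x{end:08X} ({end - start:#x} bytes) in PIDs {sorted(pids)}")
```

In the excerpt, the region 0x001F0000-0x0027C000 (0x8C000 bytes) is dumped from both PID 2036 and PID 2620, and PID 2036 also holds a second region of exactly the same size at 0x035A0000. The process list shows the sample relaunching itself with /asService, so comparing those dumps is the natural place to look for the unpacked image behind the UPX-packed file signature; the hashes that remain after filtering out the logs (hd.vbs and 41javaSetup.exe here) are the ones that are stable enough to pivot on.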

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 21:40

Reported

2024-06-04 21:43

Platform

win10v2004-20240426-en

Max time kernel

142s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\unpack200.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\javaw.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Both CLSIDs below are created by the 32-bit MsiExec.exe during the bundled JRE 7 install: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} and {DBC80044-A445-435b-BC74-9C25C1C588A9} are the Java Plug-In SSV Helper BHOs that ship with the JRE, and NoExplorer = 1 keeps them out of Windows Explorer so they load only in Internet Explorer. The signature and its stealer/adware tags therefore fire on the JRE installer's registration rather than on a browser component of the sample's own; when scoping this sample, treat these keys as installer noise and look for persistence elsewhere.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\syswow64\MsiExec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\SysWOW64\java.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaw.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\javaws.exe C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh87 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+2 C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\LICENSE C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Nome C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Paris C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Colombo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Oslo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Almaty C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Sakhalin C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Edmonton C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Guayaquil C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Omsk C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Apia C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\charsets.pack C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\St_Johns C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\La_Paz C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Palmer C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Urumqi C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\security\java.security C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tashkent C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\London C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\MET C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Puerto_Rico C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Gaza C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Anchorage C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Yakutat C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Karachi C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jpinscp.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\management\management.properties C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Cairo C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Catamarca C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Chita C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Tahiti C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\JdbcOdbc.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Riga C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Bougainville C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Winnipeg C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Andorra C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Monterrey C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Sydney C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Prague C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\j2pcsc.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Vincennes C:\Windows\syswow64\MsiExec.exe N/A
File created C:\PROGRA~2\Zona\License_en.rtf C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\San_Juan C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\core.zip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kuching C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Halifax C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Ashgabat C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\jvm.hprof.txt C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Nairobi C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Mendoza C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Fortaleza C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Novosibirsk C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Darwin C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\bin\policytool.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Galapagos C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guam C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Wallis C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\America\Juneau C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Jakarta C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e57c2a4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F03217080FF} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC62F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57c2a8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC8D0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57c2a4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC4C7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "49792596" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre7\\bin" C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_10" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_93" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_04" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_27" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_41" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_38" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_56" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_46" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_91" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_05" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_10" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_66" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_30" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_53" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0079-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_47" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_38" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_73" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_38" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_64" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBB}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_04" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_01" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_32" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_54" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_03" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC} C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA} C:\Windows\syswow64\MsiExec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2064 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2064 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 2064 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2064 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 2064 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
PID 1380 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 1380 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 1380 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe
PID 3952 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 3952 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 3952 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe C:\Windows\SysWOW64\msiexec.exe
PID 1336 wrote to memory of 4276 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1336 wrote to memory of 4276 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1336 wrote to memory of 4276 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1336 wrote to memory of 4076 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1336 wrote to memory of 4076 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1336 wrote to memory of 4076 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4076 wrote to memory of 4856 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 4856 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 4856 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2368 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2368 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2368 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 1832 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 1832 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 1832 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3848 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3848 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3848 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3636 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3636 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3636 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2204 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2204 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2204 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2756 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2756 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 2756 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 5116 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 5116 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 5116 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
PID 4076 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 4076 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 4076 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2960 wrote to memory of 1948 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2960 wrote to memory of 1948 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2960 wrote to memory of 1948 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2960 wrote to memory of 3856 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2960 wrote to memory of 3856 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2960 wrote to memory of 3856 N/A C:\Program Files (x86)\Java\jre7\bin\javaws.exe C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PID 2064 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2064 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2064 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 1380 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2064 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2064 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PID 2064 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe

"C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3719BBCFF697BF6F786CD1982B07F462

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 76D8C97635F44D5A5251D0BCCC989592 E Global\MSI0000

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

"C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma 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 -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\18467Zona.7z" "C:\PROGRA~2\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_core_-449572260.log"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\6334appdata.7z" "C:\Users\Admin\AppData\Roaming\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_plugin_-449571104.log"

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\Zona.jar" org.gudy.azureus2.core3.util.Constants

Network

Country Destination Domain Proto
US 8.8.8.8:53 i3.x8.net udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 dl.zona.ru udp
RU 46.254.16.107:80 dl.zona.ru tcp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 107.16.254.46.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 stat.miniload.org udp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
DE 23.56.205.197:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 197.205.56.23.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 rps-svcs.sun.com udp
BE 104.117.77.74:80 rps-svcs.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 2.22.96.153:80 javadl.oracle.com tcp
US 8.8.8.8:53 74.77.117.104.in-addr.arpa udp
GB 2.22.96.153:443 javadl.oracle.com tcp
US 8.8.8.8:53 153.96.22.2.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.225:443 sjremetrics.java.com tcp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
RU 178.218.223.40:80 i3.x8.net tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/2064-0-0x0000000000370000-0x00000000003FC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 261142a8ba93f80ca84647137c4942ca
SHA1 f49ce4d2c8985f477b0a7ee5e17ec5fd4b4a3291
SHA256 2c008372c92bcaf3c47ddefc1282c7f094a879128524968c4aba521e3bb66db1
SHA512 4d31829684eda3278c51dba1a626841a7b3f57749db34f7cd5ece4dd9cc9dd655cda9f4d1233a077f577538f1eb02a2a23a783ddd1e259d915fbc22f8b3727af

C:\Users\Admin\AppData\Local\Temp\hd.vbs

MD5 d8682d715a652f994dca50509fd09669
SHA1 bb03cf242964028b5d9183812ed8b04de9d55c6e
SHA256 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba
SHA512 eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 36aad274eb7cd69d2436f43e96be44db
SHA1 3dafde9d25157fb4a052448ef37bdfb8251e5ff5
SHA256 72e133eaa3ffcd136dca11af8a1c6612866539d14f89bb78edc6e54da81e2730
SHA512 17cae82ff93c8e211b1d869f99ab2f1efcc4678755be7c137e09537e36f3216faeb9081767aa5f027aa04a905bbdf818222cce7fe213e626aaf69087701f100a

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 a3a56a015c798229181d40f868a9da24
SHA1 d2d02869eb654c5b16291d53e5f68a9947f40d6a
SHA256 9f3808a9541a9b2cc683b4f072d5602f2891045d67b95a2d347ecda1949ede22
SHA512 fa46c2a426df339a4a7c699fcd639769c6d5c74d72b8fb78da0ca29b3ebe28754dadb15ac20394d869402deddcc1f59f5f93ed4b482d829b9ea23d081770c1ba

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 1fd3b3deaf9d5e3a6fa8ede9d24d7848
SHA1 22b811fe6996e4c89910c0665f7548474abac773
SHA256 b749ceaa0220ae70900a6e8a44555348b527f56e8b0937e55b4c42b95f90cdd1
SHA512 5ced5b74be9ecc41822d09f44e8a79590a2648bbf847aaf0dbfc7ed41eaee7fdd735454f2c53036f74d8ec962211f047d4fa15fcd91f94fe8fbce26c6f65aabe

memory/1380-77-0x0000000000370000-0x00000000003FC000-memory.dmp

memory/2064-76-0x0000000000370000-0x00000000003FC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

MD5 77b375972abc487ca91165274d5afda1
SHA1 c783602aa93bfd4161bf7c0b0d984f2ca0834d23
SHA256 dcf1ce7539d7654206640179b4f786699bfe536fd823747c440691b84af8c9a2
SHA512 43f62e09be4fa72ac73918d6174a4639f2b05c762762ebd8f3416fdcdbd2e1f89e168efdd2dc3521c0026c1843af074ec37879d633dbcf662224d2de80a7c876

C:\Users\Admin\AppData\Roaming\Zona\tmp\41javaSetup.exe

MD5 f2fd417b6d5c7ffc501c7632cc811c3e
SHA1 305c1493fca53ab63ba1686c9afdfb65142e59d3
SHA256 a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9
SHA512 289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi

MD5 e24d9b483ce7a3a6a4406111883457f7
SHA1 0d5efff0d110c48f5e6f5d438967427f1e2dbf84
SHA256 dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c
SHA512 b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398

C:\Windows\Installer\MSIC4C7.tmp

MD5 9f84d910602183954bed6d9660600783
SHA1 82e3b122dc63e0a333bca531dd16667d5fafbf23
SHA256 bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e
SHA512 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 5c61ec03c696f439f1133389fbfc71d9
SHA1 984b90e9a990e1cd7dfd5ce36a5eec9392ae5250
SHA256 360f16ff98d595266c62e566eb6582a6e8ed36537de0f6d8d8bb78008c9c504d
SHA512 4f2cd3c30eaa0d1ccc406be95d5bdfc401829902ecd0a7678d8ef21f802fe55b2910369510602e67169ac9b5033d7da7bea87ab27a20e135d0b6c2af15dcc190

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab

MD5 003a488a2139105704566b47eb29520d
SHA1 52d672a592cd52ad5e2e7239421f2659e0d17afa
SHA256 a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67
SHA512 ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de

C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

MD5 0d46182b6134aa9c7acd16133d67e4c3
SHA1 7b5be3d65e5e744723bf55a08f9dc1042585d5eb
SHA256 c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc
SHA512 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b

C:\Program Files (x86)\Java\jre7\bin\MSVCR100.dll

MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

C:\Program Files (x86)\Java\jre7\lib\rt.pack

MD5 b6d75e8c90c79af1579769f10b1e5c88
SHA1 146cb3f05fa161885e8faf079fa2bbd89b5c5b18
SHA256 82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e
SHA512 02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 525bf7f5b63ffd5e86fa3aee92551c21
SHA1 bf3cd939fe57f5076afbd231cb5b1b0ea03ba5d0
SHA256 e0e88bda4bcbbcfadb1009060372744f8b3f3628ae29b1d310a99255ec76aa7a
SHA512 825d048f8a3eb7ec88bda27eaf34b5c05a9545a12d48d29fc264aeae571fb2b4aa2957cd1b5459d53dc5d18b7968760d47136a6ec099c5612c3a7ab677b24d73

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 18f48d6714640435ab93cad409e10070
SHA1 fd33c178274fb08adb77cf5c695ce29ba32417bd
SHA256 f7468e1cf9cb05006bb7eebf4ce106f98828351ac7d8637486794ba90e5f5bc2
SHA512 632e4957e610ab787ed9a2cf3e8d988acb16e4cfc4d4df9b52682ca54fa4f7fed980b7b5dd69b1c4dd71554894ee5e5199da630b721f3c7403652f923a16dcc1

C:\Program Files (x86)\Java\jre7\lib\charsets.pack

MD5 549bbcd204914b543dafee670f110834
SHA1 012461935191a55482e8c3d453d245e965a10a2a
SHA256 8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02
SHA512 b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e

C:\Program Files (x86)\Java\jre7\lib\deploy.pack

MD5 b2a448112b7c886ccce9b6a3d5efd8a0
SHA1 660bc9efe960015b208a421b1a63443e7151024f
SHA256 928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca
SHA512 871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 a2623660c345873243bb8f88145663b5
SHA1 d8cabac7b4057649bb6ca31504719fb0881c7190
SHA256 3532daff57c2b70280ef79edf17af55d108b2d46b88bdbf248fab74db2a43d14
SHA512 60dc96479ae28a9011dee7a2e8ff2cb60ab548a6164ba8f5562fcd1cb154362677a68c98c62aa62333ac9812d4ddb3e332957efdbc5acfb5eade18f111c21f6e

C:\Program Files (x86)\Java\jre7\lib\plugin.pack

MD5 47d6cfa1b01a6d41885504bbc3b1919a
SHA1 3838060f9d530c972d65f36fa38b265120a218aa
SHA256 93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5
SHA512 b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135

C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack

MD5 c8dc1cfeaf0fefc39ed0f1de4eaa175c
SHA1 11cacbb9e5724d37789455de37a225d8e0c648a1
SHA256 da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f
SHA512 6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c

C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack

MD5 dfaa6429468d56ef77932cf26a495f75
SHA1 8a21a29225640f1829ae328a24ef9cb5e215a4e0
SHA256 8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed
SHA512 6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 cc147c8509b89de26462cd73e51d3df4
SHA1 b37e85f40a18c1832530a760b309799378f7f6a9
SHA256 2f0f162f348b4020566418fd30c090fac83883284dde7c163b923f68d0886c69
SHA512 b8ef88fc7c91371605dc12a6fae41fa576836ad7eecbf728cd78ab5de9b235c221d5f43d2e9f9adc234f6ae5c3e823dd1b213aaa0340aa8d341015ad393a3e93

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 f8494f1793c2781ff2473084d541ecb9
SHA1 235bf7d9af309fd7ca2d181ee42c01d041492a2c
SHA256 464a19e3f00f1ae1374a8107b2425819541cb19caf4bb252b2be43677326286b
SHA512 55d07939940ba52f6130051ab896597bcef358476042c0dd06a887355a6355af00f55b55097ddfb3453fd8a40e4dc4719eb989a71138476e103e911d331bf94f

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 c5c88a9fbd98c48c6e997e930d45c5ac
SHA1 eb10e50219a79189c1a2d090853990a571f8a36c
SHA256 b44c0b0050f73a43a54a6e0d24e41c0843fd36c5e836997cf0f05405b72221a7
SHA512 1654c5451b99e1e2232595f02f818b27115b0d77c651c9202321879c4fed37231b9389001c3140ca199186e3a1d98c029e190be745c534de2304b225a8e3e638

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

MD5 64e2bb67ea740860510dcc5c2b6ffa2d
SHA1 6c5996358264624cdb4a075acc4f0b46177cd259
SHA256 844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b
SHA512 ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462

C:\Program Files (x86)\Java\jre7\bin\zip.dll

MD5 1ecf056944068b933ba71cda3edc4a68
SHA1 2052b2138db0d9a368942470b41bb6fc5b1d4007
SHA256 35ce7ab154a38e97951714e17f7689873d89e8c01188de6e5cd741bc0ca3e384
SHA512 cadf312841d392a9970cc068b72063e17454d5e6738b46ec9622257d9dfc0bcad0d9420352752bf7d8f8e8ceaf6aca97d83896f753dc12cfeac3e5efb5e1ab05

C:\Program Files (x86)\Java\jre7\bin\java.dll

MD5 a258a133f7d565600647a248ab95792c
SHA1 1c6a855ca1fc04413b906b0b17609eff38317161
SHA256 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af
SHA512 bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7

C:\Program Files (x86)\Java\jre7\bin\verify.dll

MD5 cb89b1d71061f5ec52468528ecc0b1fc
SHA1 6feb23a8b5719c8997de92c7da644807fcba8819
SHA256 87d8d59972e73700507c07cee8750b0053c6a0899410338722a00c2803d39ee6
SHA512 2ff0ed38c7f28eb7ea16f24a0841dfb3306c4fec48ded5fddec8c3140f1a425433a444fe6b6cc4c17b3a39841c8ab0c23d7c9525c119c1b9d6daac2c17a4e4b0

C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll

MD5 27147e1e3faf9b5ccda882cd96f2a85c
SHA1 7103f60121727917f812bfc7cdff5347fc17cc8e
SHA256 500d359211ece211cf672de328345876f016fb4a476b2a03cbc3b8b89023ae1f
SHA512 0866c604911e243687e7fe721142eb882b19691c902736b59ba304933463d8c9154ecc319b91c9771cee8139e151cc2a2e960bc7a93ed97352cf5232a0964194

C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg

MD5 5147cce789cd18ad6b2996eb89e5d866
SHA1 756f1fffe96ef581f0d4d47253523544c89a2622
SHA256 c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88
SHA512 55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 a571a80e3e7f07d8d5318528ffcf057f
SHA1 e3ec23f4b500ff697f327a186c6b7a1d0203d242
SHA256 9bf99654183263090ac650e9f691e074a0de278848a0b618df2c074d9fac23e7
SHA512 70db57b8e9aafeaf7fb4e7c7bc4a7b91297b3e5ed7dbe683c63c8191bd98c0a92457d92ee4ee379eca4935c85362cbbfb1bc9fa4a00cc010afec40752d641be4

memory/3008-864-0x0000000002D00000-0x0000000002D01000-memory.dmp

C:\Program Files (x86)\Java\jre7\bin\java.exe

MD5 88651044108e995f9801e35d2582491c
SHA1 abbf404c0253d085223a64ab947e1057c4211c9c
SHA256 c7fd72a0730b377c6da5ac80cdaf5f4cca84cc999a563a4c420fe5a8576810f8
SHA512 486b1d7ad7c3debcb8d70f9351adb08c8321c4cfb409a00ff818be1dacdc376a0eded630ccdc74aa99cc472589b88c9681989076fd78eb109759d33e7bf70543

C:\Program Files (x86)\Java\jre7\bin\deploy.dll

MD5 87ec9d4a00d34eb6a0f8f92e1d1cc08e
SHA1 bee4ecae201905096dd44d1d348ecb3556d90832
SHA256 352707a271a9ab5d0e190a539b6468d6c6c5ce9675b300acf2305aa1f30625d8
SHA512 5b7f9866168ad7948a5a80078b14ff747201d17922ca907072a081e0078f6ac68446ddd36b027b4a17f5afa7d1bb4962642cff28cf66867171ebb78735f242d2

C:\Program Files (x86)\Java\jre7\bin\WindowsAccessBridge-32.dll

MD5 1722510af00ea3c7406681b47bf442f7
SHA1 cafac266d52d78d3743c31ebef22a894781e0de5
SHA256 4010a3ec604a327861bedf01626c12eaded9d381b6e4f0e6f760895838834a21
SHA512 31a2ce3d5eb9828cbb82d2a7e29f2c5bf46528d38f25827329512cedde37bd03b3cfdba0aba3320b6c0e7779588958e83bff735f6059aad37172598e70e863eb

C:\Program Files (x86)\Java\jre7\lib\images\cursors\invalid32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Program Files (x86)\Java\jre7\bin\wsdetect.dll

MD5 958bc8d82e4d0a5b51536bb4fc4fb6d6
SHA1 626312fa01c72ec5c85c9262ba0ae97a8b1f5b25
SHA256 2ef891881d506084ed182a0ac58b10dbe8c45877ef889ac9105f19431beee4ca
SHA512 fe17b58e3eed817619bebf6d091aee99fdc331c9c5a4163e9f5993b41b2e7362365da210e0636755ada6b8838012de1bc5435b8670aa12f378a3c9e3a9f5af04

C:\Program Files (x86)\Java\jre7\lib\zi\MST

MD5 11f8e73ad57571383afa5eaf6bc0456a
SHA1 65a736dddd8e9a3f1dd6fbe999b188910b5f7931
SHA256 0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e
SHA512 578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

C:\Program Files (x86)\Java\jre7\lib\zi\HST

MD5 715dc3fcec7a4b845347b628caf46c84
SHA1 1b194cdd0a0dc5560680c33f19fc2e7c09523cd1
SHA256 3144bc5353ebbd941cdccbbd9f5fb5a06f38abf5cc7b672111705c9778412d08
SHA512 72ab4b4ad0990cce0723a882652bf4f37aac09b32a8dd33b56b1fbf25ac56ae054328909efd68c8243e54e449d845fb9d53dd95f47eaaf5873762fcd55a39662

C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+5

MD5 a2abe32f03e019dbd5c21e71cc0f0db9
SHA1 25b042eb931fff4e815adcc2ddce3636debf0ae1
SHA256 27ba8b5814833b1e8e8b5d08246b383cb8a5fb7e74e237cdbcadf320e882ab78
SHA512 197c065b9c17c6849a15f45ac69dafa68aaa0b792219fedb153d146f23997bfa4fbc4127b1d030a92a4d7103bded76a1389df715b9539ea23ea21e6a4bb65fb2

C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT

MD5 7da9aa0de33b521b3399a4ffd4078bdb
SHA1 f188a712f77103d544d4acf91d13dbc664c67034
SHA256 0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d
SHA512 9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 6395ef19c45e81bddd74837a1394acb5
SHA1 92a97d8fa5c76891d0df4b4d9812370ee85859b9
SHA256 a0da062ab80c0dc8d84f51bd76faf53001cd4b48bcbc0ddae6d75e210ea92ccb
SHA512 5bb7439566d386aa46774e71378284fff75855f2b5971345d54e5142a23a9488a49b1de2a9533d37cb3f33c8d50cc64727daac7c96ca6dd3779144379a068fdb

C:\Program Files (x86)\Java\jre7\lib\jsse.pack

MD5 31b4d9c29d29567b0ae3037fac9fbdc6
SHA1 8b5d1b1a309177466d71a742414d441f600ea38e
SHA256 9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb
SHA512 b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0

C:\Users\Admin\AppData\Local\Temp\java_install.log

MD5 d2c611a13ec2cd37d228aad0305dc734
SHA1 b7d5dd93fb333c96f9d0c516fc862a1f6dc31ae8
SHA256 648dac2d3607a22d24056d6d29f1e43343c0e812faffa92a381f627cc42789d4
SHA512 5e73bcfaf14e4a45068a74623e9ed39276844efc6269604ea231f1457c5837605e34ebc7fbf106156b0d653c3a0ce90bf0817d09a44a7b268718747506da70d3

C:\Program Files (x86)\Java\jre7\lib\javaws.pack

MD5 491bce42c6cd8af88a2e11f37711ed4f
SHA1 3de7c18fee44465a6afe34e068f2a64dea9fa324
SHA256 ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2
SHA512 1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

MD5 2b4493bb1f94580c41def972ea9a887e
SHA1 880ca8b20c6df9a6a176b91cc50304cb0fe66d06
SHA256 841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5
SHA512 b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

MD5 bc3a575dfb1a58d35e8617f2966bf1ea
SHA1 6353630f62e246d7f462134e8d10a7a42935e20f
SHA256 c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd
SHA512 c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514

memory/1948-1464-0x000000003AA00000-0x000000003AA10000-memory.dmp

memory/1948-1486-0x0000000001290000-0x0000000001291000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 c637f82d4ea1eebcad6de4764cb7e5d6
SHA1 b1e84521046e26adbd8b50effacfeb6e084766c8
SHA256 3bb994a8d83cc89eb5b9700eeecd3e4f643a1617020e2e8ddfb70d45d83e9667
SHA512 f91da30b101a99f5d2cfe1ada15f28b675d89eed7b0e753d695143730dac256f3b00d0cb41483a201ad285748cd640d0589d8cea7dad8614e79afefcdca6dbeb

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 ac5eea007f6ea653bc6d9a7564e68f87
SHA1 fdaed9240b0e50881a9061dda2a66320b2ae7cc6
SHA256 b53456c5ae5198ce3dcb3b2728eb7d57087612456ff61e5d83bcd12ccecb366e
SHA512 145db4982d1063da2f7c819b76918fabcb8e34135c93b2c4b0c16da228e577bcc71c2a361b22af15d38c87c841589a8acd94484e73de03946a673c8433636ea3

C:\Config.Msi\e57c2a7.rbs

MD5 176405bbcf6fba2776e67e760f8777b2
SHA1 630b180ff7456626c878e7902b2aa2ebf87aa4b2
SHA256 42c3b48d2edd5e3b47fd183af6bca0b3d10b581561d5d1601f3bbadd131ca0f4
SHA512 307f44dc7b2b9ecf61f817d466cb8b60706e3b8ec363f6f64af6ca1f714d764e8b11a7689a0de4ae05cdeedb20ddb0b8db6feffde959de336148e0a391c679b2

memory/3796-1604-0x00000000010E0000-0x00000000010E1000-memory.dmp

memory/3856-1611-0x0000000000910000-0x0000000000911000-memory.dmp

memory/3856-1617-0x0000000000910000-0x0000000000911000-memory.dmp

memory/2064-1618-0x0000000000370000-0x00000000003FC000-memory.dmp

memory/4148-1672-0x00000000011E0000-0x00000000011E1000-memory.dmp

memory/4148-1674-0x00000000011E0000-0x00000000011E1000-memory.dmp

memory/4260-1710-0x0000000002990000-0x0000000002991000-memory.dmp

memory/4260-1712-0x0000000002990000-0x0000000002991000-memory.dmp

memory/4260-1714-0x0000000002990000-0x0000000002991000-memory.dmp

memory/4876-1745-0x00000000007F0000-0x00000000007F1000-memory.dmp

memory/2064-1752-0x0000000000370000-0x00000000003FC000-memory.dmp