Windows Analysis Report
def.jar

Overview

General Information

Sample name: def.jar
Analysis ID: 1533290
MD5: 99503d0942c58af3428743457266e7ac
SHA1: ba8405bf4526e3550ff4d91ea0a09badb3381092
SHA256: 035c22b0167d3b8f63699e37bd8bc48e805308752238e9b0ccf26fcce0bed838
Tags: italimmuojaruser-JAMESWT_MHT

Detection

Branchlock Obfuscator
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Branchlock Obfuscator
AI detected suspicious sample
Exploit detected, runtime environment starts unknown processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses the Telegram API (likely for C&C communication)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Use Short Name Path in Command Line
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
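The "Uses the Telegram API" signature above rests on the Bot API token that the Networking section of this report shows in java.exe memory (the https://api.telegram.org/bot<id>:<secret> string and its /getUpdates variant). The script below is an added example, not part of the Joe Sandbox report or of the sample: it takes a few of this report's own "String found in binary or memory" hits, pulls out Telegram bot tokens together with the API method they were seen with, and drops the noise that dominates such listings (the public suffix list, Maven and licence files bundled in the jar, and the CRL/OCSP URLs of the CA certificates in the JRE trust store). The noise lists, the trailing-byte clean-up of DER-encoded URLs and the redaction format are the author's heuristics, not anything the report states.

```python
import re

# "String found in binary or memory" hits copied from the report above as
# (source, string) pairs; the dump identifiers are the report's own.
REPORT_HITS = [
    ("public-suffix-list.txt", "https://publicsuffix.org/list/public_suffix_list.dat"),
    ("java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp",
     "http://crl3.digicert.com/DigiCertTrustedRootG4.crl0"),
    ("java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp",
     "https://api.telegram.org/bot7329733230:AAEdF2U_fUII6_UcoQvHXFo58ClSA0QJTbY"),
    ("java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp",
     "https://api.telegram.org/bot7329733230:AAEdF2U_fUII6_UcoQvHXFo58ClSA0QJTbY/getUpdates"),
    ("def.jar", "https://branchlock.net"),
    ("pom.xml", "http://maven.apache.org/POM/4.0.0"),
]

# A Telegram Bot API token is "<numeric bot id>:<35 URL-safe characters>" and
# appears in the API path as ".../bot<token>/<method>".
TOKEN_RE = re.compile(r"\bbot(\d{8,12}):([A-Za-z0-9_-]{35})\b")

# Bundled library data rather than attacker-controlled content (author's
# assumption): the public suffix list, Maven metadata and licence files
# shipped inside the jar, and the CRL/OCSP/AIA hosts of the CA certificates
# in the JRE trust store.
NOISE_SOURCES = {"public-suffix-list.txt", "pom.xml", "DEPENDENCIES", "NOTICE",
                 "LICENSE", "package.html", "version.properties"}
NOISE_HOST_SUFFIXES = (".digicert.com", ".chambersign.org", ".comodoca.com",
                       ".securetrust.com", ".xrampsecurity.com", ".swisssign.com",
                       ".quovadisglobal.com", ".quovadisoffshore.com", ".quovadis.bm",
                       ".luxtrust.lu", ".camerfirma.com")


def clean_host(url):
    """Hostname of url, minus the trailing byte the dump appends to many
    DER-encoded URLs (the report shows 'com0A', 'org1', 'net3' and the like)."""
    m = re.match(r"https?://([^/\s]+)", url)
    if not m:
        return ""
    return re.sub(r"\d[A-Z]?$", "", m.group(1)).lower()


def is_noise(source, url):
    """True when the hit comes from bundled data or points at a CA service."""
    first_source = source.split(",")[0].strip()
    return first_source in NOISE_SOURCES or clean_host(url).endswith(NOISE_HOST_SUFFIXES)


def extract_bot_tokens(hits):
    """Map each bot token to the sources and Bot API methods it was seen with."""
    found = {}
    for source, s in hits:
        for m in TOKEN_RE.finditer(s):
            token = f"{m.group(1)}:{m.group(2)}"
            entry = found.setdefault(token, {"bot_id": int(m.group(1)),
                                             "sources": set(), "methods": set()})
            entry["sources"].add(source.split(",")[0].strip())
            # Whatever follows the token in the path is the API method, if any.
            method = s[m.end():].lstrip("/").split("/")[0].split("?")[0]
            if method:
                entry["methods"].add(method)
    return found


def redact(token):
    """Form safe to paste into a ticket: bot id plus the first four secret characters."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def iocs(hits):
    """Hosts from non-noise sources plus any bot tokens, for the analyst to judge."""
    hosts = {clean_host(u) for src, u in hits if not is_noise(src, u) and clean_host(u)}
    return {"hosts": sorted(hosts), "bot_tokens": sorted(extract_bot_tokens(hits))}


if __name__ == "__main__":
    result = iocs(REPORT_HITS)
    print("hosts:", ", ".join(result["hosts"]))
    for token, info in extract_bot_tokens(REPORT_HITS).items():
        print(f"telegram bot {info['bot_id']} token {redact(token)} "
              f"methods={sorted(info['methods'])} seen in {sorted(info['sources'])}")
```

The token is a live credential for the operator's bot, and getUpdates is the polling side of a Telegram-based C2 channel, so the bot id and the redacted form are what belong in a ticket and the full token only in the IOC store. branchlock.net survives the filter because the filter knows nothing about it: the report attributes that string to the Branchlock obfuscator signature in def.jar, and the analyst still makes that call.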

Classification

Classification chart (categories): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 80.7% probability

Software Vulnerabilities

Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe
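"Software Vulnerabilities" is the Joe Sandbox heading for its "Exploit detected, runtime environment starts unknown processes" heuristic: a runtime (java.exe) spawned a child it normally would not. The page names no CVE, and java.exe launching tasklist.exe reads more naturally alongside the sandbox-detection signature above (process-name checks) than as exploitation of a Java flaw. What a practitioner wants from this line is a detection for the parent/child pair. The Python below is an added example, not from the report: it scores constructed Sysmon Event ID 1-style records with three rules matching signatures on this page (a JVM spawning recon or LOLBin children, 8.3 short-name paths in the command line, cacls/icacls permission changes). The event records and the child-process list are the author's assumptions; only the java.exe to tasklist.exe pair comes from the report.

```python
import re

# Constructed process-creation records in the shape of Sysmon Event ID 1
# fields; illustrative, not telemetry from the sandbox run. The second record
# mirrors the parent/child pair this section of the report shows.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe",
     "CommandLine": r'"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\Desktop\def.jar'},
    {"ParentImage": r"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe",
     "Image": r"C:\Windows\SysWOW64\tasklist.exe",
     "CommandLine": "tasklist"},
    {"ParentImage": r"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe",
     "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": r"cmd /c cacls C:\Users\user\AppData\Roaming\app.dat /e /p everyone:f"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad C:\PROGRA~2\Java\JRE-1~1.8\README.txt"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad"},
]

JAVA_RUNTIMES = {"java.exe", "javaw.exe"}
# Children a JVM-hosted application has no ordinary reason to spawn (author's
# list): tasklist is process enumeration, the rest are LOLBins.
SUSPICIOUS_CHILDREN = {"tasklist.exe", "cacls.exe", "icacls.exe", "cmd.exe",
                       "powershell.exe", "wmic.exe", "reg.exe", "schtasks.exe"}
# 8.3 short names: a path component ending in ~<digits>, e.g. PROGRA~2 or
# JRE-1~1.8, which defeats string matching on the long path.
SHORT_NAME_RE = re.compile(r'\\[^\\\s"]*~\d+(?:\.[^\\\s"]*)?(?=[\\\s"]|$)')
# Permission changes via cacls/icacls anywhere in the command line.
ACL_CHANGE_RE = re.compile(r"\b(?:cacls|icacls)(?:\.exe)?\b", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Names of the rules the event matches; an empty list means no finding."""
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    cmd = event["CommandLine"]
    hits = []
    if parent in JAVA_RUNTIMES and child in SUSPICIOUS_CHILDREN:
        hits.append("java_spawns_recon_or_lolbin")
    if SHORT_NAME_RE.search(cmd):
        hits.append("short_name_path_in_cmdline")
    if ACL_CHANGE_RE.search(cmd):
        hits.append("acls_modified_with_cacls")
    return hits


def triage(events):
    """(child image, rule names) for every event that matched at least one rule."""
    out = []
    for e in events:
        hits = evaluate(e)
        if hits:
            out.append((basename(e["Image"]), hits))
    return out


if __name__ == "__main__":
    for image, rules in triage(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(rules)}")
```

The first rule keys on the parent, not the child, because tasklist.exe and cmd.exe are common from explorer.exe or an administrator's shell; it is the JVM as parent that is unusual. Tune SUSPICIOUS_CHILDREN against your own baseline before alerting on it, since build tooling and some Java installers do spawn cmd.exe.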

Networking

Source: unknown DNS query: name: api.telegram.org
Source: Joe Sandbox View IP Address: 149.154.167.220
Source: Joe Sandbox View ASN Name: TELEGRAMRU
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: public-suffix-list.txt String found in binary or memory: // https://www.iana.org/domains/root/db/hotmail.html equals www.hotmail.com (Hotmail)
Source: public-suffix-list.txt String found in binary or memory: // https://www.iana.org/domains/root/db/yahoo.html equals www.yahoo.com (Yahoo)
Source: public-suffix-list.txt String found in binary or memory: // https://www.iana.org/domains/root/db/youtube.html equals www.youtube.com (Youtube)
Source: public-suffix-list.txt String found in binary or memory: // www.yahoo.com.by, for example), so we list it here for safety's sake. equals www.yahoo.com (Yahoo)
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: DEPENDENCIES String found in binary or memory: http://brotli.org/dec)
Source: java.exe, 00000002.00000002.1547644486.000000000A3F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
Source: java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: public-suffix-list.txt String found in binary or memory: http://cenpac.net.nr/dns/index.html
Source: public-suffix-list.txt String found in binary or memory: http://cnnic.cn/html/Dir/2005/10/11/3218.htm
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: public-suffix-list.txt String found in binary or memory: http://dns.marnet.net.mk/postapka.php
Source: public-suffix-list.txt String found in binary or memory: http://domain.nida.or.kr/eng/registration.jsp
Source: public-suffix-list.txt String found in binary or memory: http://domains.fj/
Source: public-suffix-list.txt String found in binary or memory: http://domains.qa/en/
Source: public-suffix-list.txt String found in binary or memory: http://domreg.merit.edu
Source: public-suffix-list.txt String found in binary or memory: http://gadao.gov.gu/register.html
Source: public-suffix-list.txt String found in binary or memory: http://hoster.by/
Source: public-suffix-list.txt String found in binary or memory: http://icmregistry.com
Source: java.exe, 00000002.00000002.1547644486.000000000A40F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.oracle.com/
Source: public-suffix-list.txt String found in binary or memory: http://jprs.co.jp/en/jpdomain.html
Source: public-suffix-list.txt String found in binary or memory: http://jprs.jp/doc/rule/saisoku-1.html
Source: pom.xml String found in binary or memory: http://json.org/license.html
Source: pom.xml String found in binary or memory: http://maven.apache.org/POM/4.0.0
Source: pom.xml String found in binary or memory: http://maven.apache.org/xsd/maven-4.0.0.xsd
Source: public-suffix-list.txt String found in binary or memory: http://nic.ac/rules.htm
Source: public-suffix-list.txt String found in binary or memory: http://nic.ae/english/arabicdomain/rules.jsp
Source: public-suffix-list.txt String found in binary or memory: http://nic.ba/users_data/files/pravilnik_o_registraciji.pdf
Source: public-suffix-list.txt String found in binary or memory: http://nic.com.ai/
Source: public-suffix-list.txt String found in binary or memory: http://nic.gl
Source: public-suffix-list.txt String found in binary or memory: http://nic.mg/nicmg/?page_id=39
Source: public-suffix-list.txt String found in binary or memory: http://nic.sh/rules.htm
Source: public-suffix-list.txt String found in binary or memory: http://nic.tn
Source: java.exe, 00000002.00000002.1550605385.0000000015D24000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A6AE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1550030787.00000000156D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.1550030787.00000000156D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://null.oracle.com/B
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: java.exe, 00000002.00000002.1547644486.000000000A5CE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: public-suffix-list.txt String found in binary or memory: http://pk5.pknic.net.pk/pk5/msgNamepk.PK
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com0
Source: public-suffix-list.txt String found in binary or memory: http://psg.com/dns/gn/gn.txt
Source: public-suffix-list.txt String found in binary or memory: http://psg.com/dns/lr/lr.txt
Source: public-suffix-list.txt String found in binary or memory: http://registro.br/dominio/categoria.html
Source: public-suffix-list.txt String found in binary or memory: http://registry.gc.ca/en/SubdomainFAQ
Source: public-suffix-list.txt String found in binary or memory: http://registry.gy/
Source: public-suffix-list.txt String found in binary or memory: http://registry.pro/get-pro
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.1531527006.000000000529A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/kay
Source: public-suffix-list.txt String found in binary or memory: http://samoanic.ws/index.dhtml
Source: public-suffix-list.txt String found in binary or memory: http://sonic.so/policies/
Source: public-suffix-list.txt String found in binary or memory: http://tld.by/rules_2006_en.html
Source: public-suffix-list.txt String found in binary or memory: http://whois.nic.bi/
Source: pom.xml String found in binary or memory: http://www.JSON.org/
Source: public-suffix-list.txt String found in binary or memory: http://www.anrt.ma/fr/admin/download/upload/file_fr782.pdf
Source: pom.xml String found in binary or memory: http://www.apache.org
Source: NOTICE String found in binary or memory: http://www.apache.org/).
Source: package.html String found in binary or memory: http://www.apache.org/licenses/
Source: LICENSE, pom.xml, version.properties String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: public-suffix-list.txt String found in binary or memory: http://www.auda.org.au/
Source: public-suffix-list.txt String found in binary or memory: http://www.belizenic.bz/
Source: public-suffix-list.txt String found in binary or memory: http://www.bermudanic.bm/dnr-text.txt
Source: public-suffix-list.txt String found in binary or memory: http://www.bnnic.bn/faqs
Source: public-suffix-list.txt String found in binary or memory: http://www.cctld.nc/
Source: public-suffix-list.txt String found in binary or memory: http://www.cgdn.org.au/
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org1
Source: public-suffix-list.txt String found in binary or memory: http://www.channelisles.net/register-domains/
Source: public-suffix-list.txt String found in binary or memory: http://www.cmc.iq/english/iq/iqregister1.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.com.jm/register.html
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.ao/REGISTR.DOC
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.cv/tldcv_portal/do?com=DS;5446457100;111;
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.hr/documents/pdf/HRTLD-regulations.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.jo/Registration_policy.aspx
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.lu/en/
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.pl/english/index.html
Source: public-suffix-list.txt String found in binary or memory: http://www.dns.pl/english/index.html)
Source: public-suffix-list.txt String found in binary or memory: http://www.domain.hu/domain/English/sld.html
Source: public-suffix-list.txt String found in binary or memory: http://www.domain.kg/dmn_n.html
Source: public-suffix-list.txt String found in binary or memory: http://www.domaine.km/documents/charte.doc
Source: public-suffix-list.txt String found in binary or memory: http://www.domains.ph/FAQ2.asp
Source: public-suffix-list.txt String found in binary or memory: http://www.dot.kn/domainRules.html
Source: public-suffix-list.txt String found in binary or memory: http://www.dot.mp/
Source: public-suffix-list.txt String found in binary or memory: http://www.dotmasr.eg/
Source: public-suffix-list.txt String found in binary or memory: http://www.eenet.ee/EENet/dom_reeglid.html#lisa_B
Source: public-suffix-list.txt String found in binary or memory: http://www.ert.gov.al/ert_alb/faq_det.html?Id=31
Source: package.html String found in binary or memory: http://www.gnu.org/licenses/licenses.html
Source: public-suffix-list.txt String found in binary or memory: http://www.gobin.info/domainname/bw.doc
Source: public-suffix-list.txt String found in binary or memory: http://www.gobin.info/domainname/formulaire-pf.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.gobin.info/domainname/ml-template.doc
Source: public-suffix-list.txt String found in binary or memory: http://www.gobin.info/domainname/sy.doc
Source: public-suffix-list.txt String found in binary or memory: http://www.gov.lt/index_en.php
Source: public-suffix-list.txt String found in binary or memory: http://www.government.pn/PnRegistry/policies.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.ict.gov.qa/
Source: public-suffix-list.txt String found in binary or memory: http://www.icta.ky/da_ky_reg_dom.php
Source: public-suffix-list.txt String found in binary or memory: http://www.info.na/domain/
Source: public-suffix-list.txt String found in binary or memory: http://www.isnic.is/domain/rules.php
Source: public-suffix-list.txt String found in binary or memory: http://www.isoc.org.il/domains/
Source: public-suffix-list.txt String found in binary or memory: http://www.isoc.sd/sudanic.isoc.sd/billing_pricing.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.kcce.kp/en_index.php
Source: public-suffix-list.txt String found in binary or memory: http://www.kenic.or.ke/index.php/en/ke-domains/ke-domains
Source: public-suffix-list.txt String found in binary or memory: http://www.ki/dns/index.html
Source: public-suffix-list.txt String found in binary or memory: http://www.monic.net.mo/
Source: public-suffix-list.txt String found in binary or memory: http://www.mos.com.np/register.html
Source: public-suffix-list.txt String found in binary or memory: http://www.mptc.gov.kh/dns_registration.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.mynic.my/
Source: public-suffix-list.txt String found in binary or memory: http://www.na-nic.com.na/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.af/help.jsp
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ag/prices.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.bs/rules.html
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ci/index.php?page=charte
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.cr/niccr_publico/showRegistroDominiosScreen.do
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.cy/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.dz/images/pdf_nic/charte.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ec/reg/paso1.asp
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.gh/reg_now.php
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.gi/rules.html
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.gm/htmlpages%5Cgm-policy.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.gp/index.php?lang=en
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.hn/politicas/ps02
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ht/info/charte.cfm
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.io/rules.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ir/Internationalized_Domain_Names
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ir/Terms_and_Conditions_ir
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.kz/rules/index.jsp
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.lc/rules.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ls/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.lv/DNS/En/generic.php
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ly/regulations.php
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.mc/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ms/pdf/MS_Domain_Name_Rules.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.mx/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.net.ge/policy_en.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.net.sa/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.net.sg/page/registration-policies-procedures-and-guidelines
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ni/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.org.uy/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.pa/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.pr/index.asp?f=1
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.ps/registration/policy.html#reg
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.py/pautas.html#seccion_9
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.sc/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.sl
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.st/html/policyrules/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.tg/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.tj/policy.html
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.tm/local.html
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.tt/
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.vi/Domain_Rules/body_domain_rules.html
Source: public-suffix-list.txt String found in binary or memory: http://www.nic.vi/newdomainform.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.nira.org.ng/index.php/join-us/register-ng-domain/189-nira-slds
Source: DEPENDENCIES String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: public-suffix-list.txt String found in binary or memory: http://www.pnina.ps
Source: DEPENDENCIES String found in binary or memory: http://www.qos.ch)
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: public-suffix-list.txt String found in binary or memory: http://www.reg.uz/
Source: public-suffix-list.txt String found in binary or memory: http://www.registrar.mw/
Source: public-suffix-list.txt String found in binary or memory: http://www.registre.tn/fr/
Source: public-suffix-list.txt String found in binary or memory: http://www.rotld.ro/
Source: public-suffix-list.txt String found in binary or memory: http://www.sbnic.net.sb/
Source: public-suffix-list.txt String found in binary or memory: http://www.sispa.org.sz/
Source: pom.xml String found in binary or memory: http://www.slf4j.org
Source: DEPENDENCIES String found in binary or memory: http://www.slf4j.org)
Source: public-suffix-list.txt String found in binary or memory: http://www.svnet.org.sv/niveldos.pdf
Source: public-suffix-list.txt String found in binary or memory: http://www.telnic.org/
Source: public-suffix-list.txt String found in binary or memory: http://www.thnic.co.th
Source: public-suffix-list.txt String found in binary or memory: http://www.twnic.net/english/dn/dn_07a.htm
Source: public-suffix-list.txt String found in binary or memory: http://www.tznic.or.tz/index.php/domains
Source: public-suffix-list.txt String found in binary or memory: http://www.uem.mz/
Source: public-suffix-list.txt String found in binary or memory: http://www.una.cw/cw_registry/
Source: public-suffix-list.txt String found in binary or memory: http://www.vunic.vu/
Source: public-suffix-list.txt String found in binary or memory: http://www.y.net.ye/services/domain_name.htm
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot7329733230:AAEdF2U_fUII6_UcoQvHXFo58ClSA0QJTbY
Source: java.exe, 00000002.00000002.1547644486.000000000A493000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot7329733230:AAEdF2U_fUII6_UcoQvHXFo58ClSA0QJTbY/getUpdates
Source: def.jar String found in binary or memory: https://branchlock.net
Source: java.exe, 00000002.00000003.1289900874.0000000001359000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://branchlock.net3
Source: public-suffix-list.txt String found in binary or memory: https://cctld.ru/files/pdf/docs/en/rules_ru-rf.pdf
Source: DEPENDENCIES String found in binary or memory: https://conscrypt.org/)
Source: public-suffix-list.txt String found in binary or memory: https://en.isoc.org.il/il-cctld/registration-rules
Source: public-suffix-list.txt String found in binary or memory: https://eurid.eu
Source: pom.xml String found in binary or memory: https://github.com/douglascrockford/JSON-java
Source: pom.xml String found in binary or memory: https://github.com/douglascrockford/JSON-java.git
Source: public-suffix-list.txt String found in binary or memory: https://grweb.ics.forth.gr/english/1617-B-2005.html
Source: DEPENDENCIES String found in binary or memory: https://hc.apache.org/httpcomponents-core-5.3.x/5.3-beta1/httpcore5-h2/)
Source: DEPENDENCIES String found in binary or memory: https://hc.apache.org/httpcomponents-core-5.3.x/5.3-beta1/httpcore5/)
Source: public-suffix-list.txt String found in binary or memory: https://hostmaster.ua/2ld/
Source: public-suffix-list.txt String found in binary or memory: https://hostmaster.ua/policy/?ua
Source: public-suffix-list.txt String found in binary or memory: https://mozilla.org/MPL/2.0/.
Source: public-suffix-list.txt String found in binary or memory: https://mynic.my/resources/domains/buying-a-domain/
Source: public-suffix-list.txt String found in binary or memory: https://nic.ar/es/nic-argentina/normativa
Source: public-suffix-list.txt String found in binary or memory: https://nic.bj/bj-suffixes.txt
Source: public-suffix-list.txt String found in binary or memory: https://nic.bo/delegacion2015.php#h-1.10
Source: public-suffix-list.txt String found in binary or memory: https://nic.gw/regras/
Source: public-suffix-list.txt String found in binary or memory: https://nic.lk
Source: public-suffix-list.txt String found in binary or memory: https://nic.tr/
Source: public-suffix-list.txt String found in binary or memory: https://nic.tr/forms/eng/policies.pdf
Source: public-suffix-list.txt String found in binary or memory: https://nic.tr/index.php?USRACTN=PRICELST
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: pom.xml String found in binary or memory: https://oss.sonatype.org/
Source: public-suffix-list.txt String found in binary or memory: https://pandi.id/en/domain/registration-requirements/
Source: public-suffix-list.txt String found in binary or memory: https://publicsuffix.org/list/.
Source: pom.xml String found in binary or memory: https://publicsuffix.org/list/effective_tld_names.dat
Source: public-suffix-list.txt String found in binary or memory: https://publicsuffix.org/list/public_suffix_list.dat
Source: public-suffix-list.txt String found in binary or memory: https://registro.nic.ve/
Source: public-suffix-list.txt String found in binary or memory: https://registry.in/policies
Source: public-suffix-list.txt String found in binary or memory: https://registry.nic.ss/
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repository.luxtrust.lu
Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repository.luxtrust.lu0
Source: public-suffix-list.txt String found in binary or memory: https://tdra.gov.ae/en/aeda/ae-policies
Source: public-suffix-list.txt String found in binary or memory: https://teknisk.norid.no/en/feed/
Source: public-suffix-list.txt String found in binary or memory: https://tools.ietf.org/html/rfc7686
Source: public-suffix-list.txt String found in binary or memory: https://vnnic.vn/sites/default/files/tailieu/vn.cctld.domains.txt
Source: public-suffix-list.txt String found in binary or memory: https://welcome.museum/buy-your-dot-museum-2/
Source: public-suffix-list.txt String found in binary or memory: https://welcome.museum/wp-content/uploads/2018/05/20180525-Registration-Policy-MUSEUM-EN_VF-2.pdf
Source: public-suffix-list.txt String found in binary or memory: https://whois.ati.tn/
Source: public-suffix-list.txt String found in binary or memory: https://www.afnic.fr/
Source: public-suffix-list.txt String found in binary or memory: https://www.afnic.fr/wp-media/uploads/2022/12/afnic-naming-policy-2023-01-01.pdf
Source: public-suffix-list.txt String found in binary or memory: https://www.amnic.net/policy/en/Policy_EN.pdf
Source: DEPENDENCIES String found in binary or memory: https://www.apache.org/)
Source: DEPENDENCIES String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0)
Source: DEPENDENCIES String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0.txt)
Source: public-suffix-list.txt String found in binary or memory: https://www.dns.pt/en/domain/pt-terms-and-conditions-registration-rules/
Source: public-suffix-list.txt String found in binary or memory: https://www.gt/sitio/registration_policy.php?lang=en
Source: public-suffix-list.txt String found in binary or memory: https://www.hkirc.hk
Source: public-suffix-list.txt String found in binary or memory: https://www.hkirc.hk/content.jsp?id=30#
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aaa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aarp.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abb.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abbott.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abbvie.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abc.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/able.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abogado.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/abudhabi.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/academy.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/accenture.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/accountant.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/accountants.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aco.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/actor.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/ads.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/adult.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aeg.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aetna.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/afl.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/africa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/agakhan.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/agency.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aig.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/airbus.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/airforce.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/airtel.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/akdn.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/alibaba.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/alipay.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/allfinanz.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/allstate.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/ally.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/alsace.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/alstom.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/amazon.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/americanexpress.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/americanfamily.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/amex.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/amfam.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/amica.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/amsterdam.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/analytics.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/android.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/anquan.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/anz.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aol.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/apartments.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/app.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/apple.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aquarelle.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/arab.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aramco.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/archi.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/army.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/art.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/arte.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/asda.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/associates.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/athleta.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/attorney.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/auction.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/audi.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/audible.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/audio.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/auspost.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/author.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/auto.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/autos.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aws.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/axa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/azure.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/baby.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/baidu.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/banamex.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/band.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bank.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bar.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/barcelona.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/barclaycard.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/barclays.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/barefoot.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bargains.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/baseball.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/basketball.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bauhaus.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bayern.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bbc.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bbt.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bbva.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bcg.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bcn.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/beats.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/beauty.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/beer.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bentley.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/berlin.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/best.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bestbuy.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bet.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bharti.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bible.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bid.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bike.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bing.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bingo.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bio.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/black.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/blackfriday.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/blockbuster.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/blog.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bloomberg.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/blue.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bms.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bmw.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bnpparibas.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/boats.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/boehringer.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bofa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bom.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bond.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/boo.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/book.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/booking.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bosch.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bostik.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/boston.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bot.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/boutique.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/box.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bradesco.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bridgestone.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/broadway.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/broker.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/brother.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/brussels.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/build.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/builders.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/business.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/buy.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/buzz.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/bzh.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cab.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cafe.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cal.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/call.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/calvinklein.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cam.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/camera.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/camp.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/canon.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/capetown.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/capital.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/capitalone.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/car.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/caravan.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cards.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/care.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/career.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/careers.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cars.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/casa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/case.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cash.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/casino.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/catering.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/catholic.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cba.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cbn.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cbre.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/center.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/ceo.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cern.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cfa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cfd.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/chanel.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/channel.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/charity.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/chase.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/chat.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cheap.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/chintai.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/christmas.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/chrome.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/church.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cipriani.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/circle.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cisco.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/citadel.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/citi.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/citic.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/city.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/claims.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cleaning.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/click.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/clinic.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/clinique.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/clothing.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cloud.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/club.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/clubmed.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/coach.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/codes.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/coffee.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/college.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cologne.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/commbank.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/community.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/company.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/compare.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/computer.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/comsec.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/condos.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/construction.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/consulting.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/contact.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/contractors.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cooking.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cool.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/corsica.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/country.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/coupon.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/coupons.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/courses.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/cpa.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/credit.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/creditcard.html
Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/creditunion.html
Source: public-suffix-list.txt String found in binary or memory: https://www.icann.org/resources/registries/gtlds/v2/gtlds.json
Source: public-suffix-list.txt String found in binary or memory: https://www.information.aero/index.php?id=66
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.cd/domain/insertDomain_2.jsp?act=1
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.cl
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.cy/portal//sites/default/files/symfonia_gia_eggrafi.pdf
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.es/site_ingles/ingles/dominios/index.html
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.im/
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.it/sites/default/files/archivio/docs/Regulation_assignation_v7.1.pdf
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.kw/policies/
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.lk/index.php/domain-registration/lk-domain-naming-structure
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.org.mt/go/policy
Source: public-suffix-list.txt String found in binary or memory: https://www.nic.pe/InformeFinalComision.pdf
Source: public-suffix-list.txt String found in binary or memory: https://www.norid.no/en/om-domenenavn/regelverk-for-no/
Source: public-suffix-list.txt String found in binary or memory: https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-b/
Source: public-suffix-list.txt String found in binary or memory: https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-c/
Source: public-suffix-list.txt String found in binary or memory: https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-d/
Source: public-suffix-list.txt String found in binary or memory: https://www.potraz.gov.zw/
Source: public-suffix-list.txt String found in binary or memory: https://www.register.bg/user/static/rules/en/index.html
Source: public-suffix-list.txt String found in binary or memory: https://www.registry.co.ug/
Source: public-suffix-list.txt String found in binary or memory: https://www.ricta.org.rw/sites/default/files/resources/registry_registrar_contract_0.pdf
Source: public-suffix-list.txt String found in binary or memory: https://www.rnids.rs/en/domains/national-domains
Source: public-suffix-list.txt String found in binary or memory: https://www.sidn.nl/
Source: public-suffix-list.txt String found in binary or memory: https://www.uog.edu
Source: public-suffix-list.txt String found in binary or memory: https://www.vnnic.vn/en/domain/cctld-vn
Source: public-suffix-list.txt String found in binary or memory: https://www.zadna.org.za/content/page/domain-information/
Source: public-suffix-list.txt String found in binary or memory: https://zicta.zm/
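Reading the string hits above: nearly every entry is attributed to public-suffix-list.txt, pom.xml or DEPENDENCIES, which are resources bundled into the jar by a dependency (pom.xml itself references https://publicsuffix.org/list/effective_tld_names.dat), so the registry policy and IANA root-db URLs are the Public Suffix List and not hosts the sample contacts. The entries attributed to java.exe memory dumps (.sdmp) are the only ones extracted from the running process, and pairs such as https://ocsp.quovadisoffshore.com and https://ocsp.quovadisoffshore.com0 are one URL each: the trailing "0" matches the ASCII rendering of the 0x30 DER tag that follows a URL inside an X.509 certificate, which is what OCSP and repository URLs from trust-store certificates look like when a string extractor runs over process memory (this is an interpretation, not something the report states). The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the report's own "Source: ... String found in binary or memory: ..." format, separates bundled-resource hits from process-memory hits, collapses the DER-suffix duplicates and lists the distinct hosts that actually came from memory. The sample lines are a constructed subset of the entries above; the resource-name set and all function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed input: a subset of the "String found in binary or memory" lines
# from the report above, in the report's own line format.
SAMPLE_LINES = [
    "Source: public-suffix-list.txt String found in binary or memory: https://publicsuffix.org/list/public_suffix_list.dat",
    "Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aaa.html",
    "Source: public-suffix-list.txt String found in binary or memory: https://www.iana.org/domains/root/db/aarp.html",
    "Source: pom.xml String found in binary or memory: https://oss.sonatype.org/",
    "Source: DEPENDENCIES String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0.txt)",
    "Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com",
    "Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0",
    "Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repository.luxtrust.lu",
    "Source: java.exe, 00000002.00000002.1547644486.000000000A747000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1547644486.000000000A705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repository.luxtrust.lu0",
]

# Static resources inside the jar (assumed set, taken from the source names the report shows).
BUNDLED_RESOURCES = {"public-suffix-list.txt", "pom.xml", "DEPENDENCIES"}

LINE_RE = re.compile(r"^Source: (?P<source>.+?) String found in binary or memory: (?P<url>\S+)$")


def parse_line(line):
    """Return (source, url) for a string-hit line, or None for any other report line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("source"), m.group("url")


def source_kind(source):
    """'memory' for process-dump sources (.sdmp), 'bundled' for jar resources, else 'other'."""
    if ".sdmp" in source:
        return "memory"
    if source in BUNDLED_RESOURCES:
        return "bundled"
    return "other"


def dump_ids(source):
    """Pull every '<id>.sdmp' token out of a 'java.exe, <id>.sdmp, java.exe, <id>.sdmp' source."""
    return re.findall(r"([0-9A-F.]+\.sdmp)", source)


def strip_der_suffix(url, seen):
    # A URL ending in '0' whose '0'-less form was also extracted is treated as the same
    # string followed by a 0x30 DER tag byte (assumption: certificate data in memory).
    # Both forms must be present, so a URL that genuinely ends in '0' is left alone.
    if url.endswith("0") and url[:-1] in seen:
        return url[:-1]
    return url


def triage(lines):
    """Split string hits into bundled-resource noise and de-duplicated process-memory hits."""
    hits = [h for h in map(parse_line, lines) if h]
    seen = {url for _, url in hits}
    bundled = Counter()
    memory = {}  # normalized url -> set of dump ids it was found in
    for source, url in hits:
        kind = source_kind(source)
        if kind == "bundled":
            bundled[source] += 1
        elif kind == "memory":
            norm = strip_der_suffix(url, seen)
            memory.setdefault(norm, set()).update(dump_ids(source))
    return {
        "bundled": dict(bundled),
        "memory": {u: sorted(d) for u, d in memory.items()},
        "memory_hosts": sorted({urlparse(u).hostname for u in memory}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for src, n in result["bundled"].items():
        print(f"bundled resource {src}: {n} string(s), library content, not an indicator")
    for url, dumps in result["memory"].items():
        print(f"process memory: {url} (seen in {len(dumps)} dump(s))")
    print("hosts extracted from process memory:", ", ".join(result["memory_hosts"]))
```

Run against the full report, the only hosts left in the memory bucket are the two certificate-authority URLs, which is the expected residue of the JRE trust store rather than network indicators; the Telegram API contact shown in the networking section has to be taken from the DNS and traffic lines, not from this string list.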
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: classification engine Classification label: mal64.troj.expl.evad.winJAR@69/4@1/1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7484:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5452:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7548:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8164:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7500:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7836:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7444:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7232:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8092:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7612:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2352:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe File created: C:\Users\user~1\AppData\Local\Temp\hsperfdata_user Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: tasklist.exe, 00000027.00000002.1469573689.000000000295B000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000027.00000003.1469057996.000000000295B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Processs;
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar"" >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar"
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
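The process-tree records above (java.exe spawning tasklist.exe some twenty times, each instance running the Win32_Process WMI query listed earlier, the icacls call on .oracle_jre_usage, and the launcher command line that starts the JVM) are what an analyst would triage by hand. The script below is an added example written for this page, not code from Joe Sandbox or from the sample. It parses records in this report's "Source: <parent> Process created: <image> <command line>" layout and applies the checks a reviewer would make: a non-shell parent spawning tasklist.exe repeatedly is flagged as process-list polling, consistent with checking for analysis tools; the icacls grant on C:\ProgramData\Oracle\Java\.oracle_jre_usage is labelled as the Oracle JRE 8 usage tracker's own startup behaviour, a caveat from the editor's experience rather than something the report states, so that hit is context and not an indicator on its own; the -javaagent jartracer.jar launch is assumed to be the analysis harness instrumenting the JVM; and 8.3 short names (user~1) in a command line are noted at low severity because here they appear only in that launcher line. The threshold of three enumerations, the severity labels and the sample input (records copied from this section plus one conhost record) are constructed for the example.

```python
"""Triage 'Process created' records from a sandbox report.

Added example for this page: parses the process-tree lines in the layout
used above and applies three hand checks: repeated process enumeration from
a non-shell parent, the Oracle JRE 8 usage-tracker icacls call (treated as
known-benign context), and the analysis harness that launched the JVM.
"""
import re
from collections import Counter

# One record per line, in the report's layout. The trailing "Jump to
# behavior" is a UI link in the report, not part of the command line.
RECORD = re.compile(
    r"^Source: (?P<parent>.+?) Process created: "
    r"(?P<image>.+?\.exe) (?P<cmdline>.*?)(?: Jump to behavior)?$",
    re.IGNORECASE,
)

# Constructed input: records copied from this section plus one conhost
# record, so the example runs offline.
SAMPLE_LINES = [
    r'Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar"" >> C:\cmdlinestart.log 2>&1',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar"',
    r'Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
    r'Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe',
    r'Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
    r'Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe',
    r'Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior',
    r'Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe Jump to behavior',
]

# Parents for which running tasklist.exe is ordinary interactive use.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}
SHORT_NAME = re.compile(r"~\d+\\")  # 8.3 names such as user~1\


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse(lines):
    """Return one dict (parent, image, cmdline) per line in record layout."""
    out = []
    for line in lines:
        m = RECORD.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def triage(records, enum_threshold=3):
    """Return (severity, parent, child, note) tuples; threshold is assumed."""
    findings = []
    enum_runs = Counter()
    for r in records:
        parent, child = basename(r["parent"]), basename(r["image"])
        cmd = r["cmdline"]
        low = cmd.lower()
        if child == "tasklist.exe":
            enum_runs[parent] += 1
        if child == "icacls.exe" and ".oracle_jre_usage" in low and "/grant" in low:
            # Oracle JRE 8's usage tracker grants Everyone modify on its own
            # directory at startup (editor's knowledge, not from the report).
            # Context only; it says nothing about the jar being malicious.
            findings.append((
                "info", parent, child,
                "JRE usage-tracker ACL change (known JRE 8 behaviour)"))
        if "-javaagent:" in low and "jartracer.jar" in low:
            # Assumed to be the analysis harness instrumenting the JVM, so
            # this parent/child edge belongs to the sandbox, not the sample.
            findings.append((
                "info", parent, child, "JVM launched under an analysis agent"))
        if SHORT_NAME.search(cmd):
            findings.append((
                "low", parent, child, "8.3 short-name path in command line"))
    for parent, n in enum_runs.items():
        if n >= enum_threshold and parent not in SHELLS:
            findings.append((
                "high", parent, "tasklist.exe",
                f"{n} process enumerations from a non-shell parent"))
    return findings


if __name__ == "__main__":
    for sev, parent, child, note in triage(parse(SAMPLE_LINES)):
        print(f"[{sev:4}] {parent} -> {child}: {note}")
```

Run against the full block above, the only high-severity finding is the java.exe to tasklist.exe edge; the icacls and javaagent hits stay informational, which is the point of labelling them: they explain two of the report's signature hits without adding to the verdict.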
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: def.jar Static file information: File size 5499560 > 1048576

Data Obfuscation

barindex
Source: Yara match File source: def.jar, type: SAMPLE
Source: Yara match File source: 00000002.00000003.1289900874.0000000001359000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1549705057.0000000015440000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: java.exe PID: 7280, type: MEMORYSTR
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02C5CA90 push eax; retf 2_2_02C5CA99
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02C59C2C push cs; retf 2_2_02C59C31
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02C5C10B push cs; ret 2_2_02C5C111
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBD8F7 push 00000000h; mov dword ptr [esp], esp 2_2_02BBD921
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBA21B push ecx; ret 2_2_02BBA225
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBA20A push ecx; ret 2_2_02BBA21A
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBB3B7 push 00000000h; mov dword ptr [esp], esp 2_2_02BBB3DD
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBBB67 push 00000000h; mov dword ptr [esp], esp 2_2_02BBBB8D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBD8E0 push 00000000h; mov dword ptr [esp], esp 2_2_02BBD921
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBB947 push 00000000h; mov dword ptr [esp], esp 2_2_02BBB96D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BBC477 push 00000000h; mov dword ptr [esp], esp 2_2_02BBC49D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AUTORUNSC.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AUTORUNS.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OLLYDBG.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: FILEMON.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: FIDDLER.EXE8
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: REGMON.EXE8
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02C5B736 sldt cx 2_2_02C5B736
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: java.exe, 00000002.00000003.1299494609.0000000015260000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000003.1299494609.0000000015260000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.1530859490.000000000131B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000003.1299494609.0000000015260000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000002.1530859490.000000000131B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cjava/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware.exe8
Source: java.exe, 00000002.00000003.1299494609.0000000015260000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe, 00000002.00000002.1547644486.000000000A44E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vboxtray.exe8
Source: java.exe, 00000002.00000002.1530859490.000000000131B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BB48A4 LdrInitializeThunk, 2_2_02BB48A4
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Memory protected: page read and write | page guard
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\def.jar"
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02BB03C0 cpuid 2_2_02BB03C0
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7280 VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Network map legend (map graphic not reproduced): No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs